Lucene search
K

7265 matches found

Nuclei
Nuclei
added yesterday11 views

OpenCATS - Command Injection

OpenCATS prior to commit 3002a29 contains a command injection caused by injection of PHP statements into the installer AJAX endpoint's databaseConnectivity action parameter, letting unauthenticated attackers execute arbitrary code, exploit requires incomplete installation wizard. id: CVE-2026-277...

9.2CVSS6.1AI score0.22189EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday33 views

osCommerce 2.3.4.1 - Remote Code Execution

osCommerce Online Merchant 2.3.4.1 contains a remote code execution caused by insecure default configuration and missing authentication in the installer workflow, letting unauthenticated attackers execute arbitrary PHP code via install4.php, exploit requires accessible /install/ directory after...

9.3CVSS6.8AI score0.0282EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday41 views

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

8.6CVSS7.3AI score0.08147EPSS
Exploits1References2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-56437

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS0.00134EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42070

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00269EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-48952

CVE-2026-48952 affects Joomla core, specifically the com_installer update list view. Root cause is lack of escaping, resulting in an XSS vulnerability. CVSS 4.0 base score 8.4 ( HIGH ) with network attack vector, low attack complexity, high impact to confidentiality and integrity, and low impact ...

8.4CVSS5.9AI score0.00269EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 3 days ago7 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00269EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 3 days ago10 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago5 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

9.6CVSS6AI score0.00478EPSS
Exploits0References4
Metasploit
Metasploit
added 4 days ago63 views

macOS PackageKit ZSH Environment Privilege Escalation

This module exploits CVE-2024-27822, a vulnerability in macOS PackageKit.framework where PKG installer scripts using a ZSH shebang !/bin/zsh are executed as root while inheriting the installing user's environment. This causes ZSH to load the user's /.zshenv with root privileges before the install...

7.8CVSS7.2AI score0.01312EPSS
Exploits2
OSV
OSV
added 4 days ago10 views

BIT-PYTHON-MIN-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40781

Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...

5.8AI score0.00089EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14094

Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...

7.8CVSS5.8AI score0.00089EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-14094

Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...

7.8CVSS0.00089EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.17 views

CVE-2026-14094

Summary (CVE-2026-14094) : A use-after-free flaw in the Chrome Windows Installer component allows a local attacker to escalate to OS-level privileges by loading a malicious file. Affected software: Google Chrome on Windows (prior to version 150.0.7871.47). Root cause: use-after-free in the Instal...

7.8CVSS5.8AI score0.00089EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.26 views

CVE-2026-14094

Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...

0.00089EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.4 views

CVE-2026-14094

Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...

7.8CVSS5.8AI score0.00089EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 8:38 p.m.7 views

Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6AI score
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54369

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the Installer component on Windows. This flaw allows a local attacker to achieve OS-level privilege escalation by utilizing a malicious file. Use after...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:12 a.m.7 views

Malicious code in openai-agents-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 768ddf82a7644f1678a27f3037c8a3fc4fae5f00b6181d6507a49892d20a7fda On npm install, scripts/postinstall.js automatically reads a broad set of installer-side identity and cloud-configuration files — /.gitconfig and the...

5.9AI score
Exploits0References26
Rows per page
Query Builder