
993523 matches found

GithubExploit
added 35 minutes ago, 1 view

Exploit for Eval Injection in Langflow

Fireflow RCE Exploit Remote Code Execution for Langflow via t...

9.8 CVSS, 0.98412 EPSS
Exploits: 19

NVD
added 4 hours ago, 4 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

Exploits: 0, References: 4

NVD
added 4 hours ago, 5 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

Exploits: 0, References: 5

CVE
added 4 hours ago, 5 views

CVE-2026-12740

Plack::Middleware::OAuth (Perl) versions up to 0.10 are affected. The vulnerability arises because RequestTokenV2 does not issue a state value and AccessTokenV2 continues the OAuth flow without verifying that the callback matches the initiated session. This enables login CSRF: an attacker can ini...

5.9 AI score
Exploits: 0, References: 5

ATTACKERKB
added 4 hours ago, 3 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

5.9 AI score
Exploits: 0, References: 5

Cvelist
added 4 hours ago, 7 views

CVE-2026-12740 Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

Exploits: 0, References: 4

EUVD
added 4 hours ago, 6 views

EUVD-2026-41687

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

5.9 AI score
Exploits: 0, References: 4

CVE
added 4 hours ago, 5 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider (Perl) prior to v0.23 lacks OAuth 2.0 state handling. The authentication_url may omit a state value and the callback does not verify the callback corresponds to the initiating session, enabling login CSRF where an attacker can complete the victim’s authoriza...

5.9 AI score
Exploits: 0, References: 4

ATTACKERKB
added 4 hours ago, 2 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

5.9 AI score
Exploits: 0, References: 4

Cvelist
added 4 hours ago, 7 views

CVE-2026-12746 Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

Exploits: 0, References: 3

EUVD
added 4 hours ago, 6 views

EUVD-2026-41686

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

5.9 AI score
Exploits: 0, References: 3

GithubExploit
added 7 hours ago, 23 views

Exploit for CVE-2026-57517

Control Web Panel 0.9.8.1224 — Blind SQL Injection to Remot...

9.8 CVSS, 6.9 AI score, 0.00587 EPSS
Exploits: 2

NVD
added 10 hours ago, 5 views

CVE-2026-53362

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path. In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen;...

Exploits: 0, References: 6

ATTACKERKB
added 10 hours ago, 3 views

CVE-2026-53362

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path. In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen;...

5.8 AI score
Exploits: 0, References: 7, Affected Software: 1

CVE
added 10 hours ago, 7 views

CVE-2026-53362

Technical details are not publicly available in the provided documents. Monitor for updates.

5.8 AI score
Exploits: 0, References: 6

Cvelist
added 10 hours ago, 5 views

CVE-2026-53362 ipv6: account for fraggap on the paged allocation path

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path. In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen;...

Exploits: 0, References: 6

EUVD
added 10 hours ago, 5 views

EUVD-2026-41669

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path. In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen;...

5.8 AI score
Exploits: 0, References: 6

Nuclei
added 19 hours ago, 31 views

WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution

The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that...

9.8 CVSS, 6.3 AI score, 0.51316 EPSS
Exploits: 1, References: 3

Nuclei
added 19 hours ago, 21 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

9.3 CVSS, 6 AI score, 0.01323 EPSS
Exploits: 1, References: 4

Nuclei
added 19 hours ago, 57 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form i.e., the login parameter to users/registration. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1 CVSS, 6.8 AI score, 0.02273 EPSS
Exploits: 0, References: 4