Lucene search
K

1694 matches found

Nuclei
Nuclei
added yesterday23 views

Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS6.1AI score0.02101EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday67 views

WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery

WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-24150 info: name: WordPress Like Button Rating 2.6.32 - Server-Side Request Forgery...

7.5CVSS7AI score0.04337EPSS
Exploits1References3
Microsoft Secure
Microsoft Secure
added 6 days ago17 views

GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware

In this article 1. A wiper inside a backdoor 2. Backdoor capabilities 3. How GigaWiper was assembled 4. Conclusion: Multiple destructive capabilities consolidated into a single implant 5. Defending against destructive threats 6. Microsoft Defender detections 7. Indicators of compromise In October...

6.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-57251

The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1059 OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5CVSS6AI score0.0022EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 4:5 p.m.7 views

GHSA-MHQ8-78PJ-5J79 OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion

Summary On POSIX nodes, OpenClaw's system.run safe-bin checks could approve a command before shell expansion changed how the command was interpreted. A value that appeared to be a safe-bin argument could expand into additional shell words and become a file operand. This issue is limited to paired...

7.1CVSS6.1AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.6 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the createconfig path in awscli/customizations/codedeploy/register.py. An attacker can read the CodeDeploy on-premises configuration file by accessing it on the same Unix-like ho...

6.8CVSS6AI score0.00101EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 6:34 p.m.3 views

CVE-2026-13769 Overly permissive File Permissions in AWS CLI

Overly permissive file permissions in AWS CLI before 1.44.78 v1 and 2.34.29 v2 on Unix-like systems where the umask has not been configured to restrict file permissions the default on most systems may allow other local users on the same host to read credentials written by certain CLI subcommands...

6.8CVSS5.9AI score0.00101EPSS
Exploits0References6
Chainguard
Chainguard
added 2026/07/01 2:16 p.m.6 views

CVE-2026-12029 vulnerabilities

Vulnerabilities for packages: chromium...

8.3CVSS5.8AI score0.00191EPSS
Exploits0
Wolfi
Wolfi
added 2026/07/01 2:16 p.m.4 views

CVE-2026-11248 vulnerabilities

Vulnerabilities for packages: chromium...

8.8CVSS5.8AI score0.00241EPSS
Exploits0
Wolfi
Wolfi
added 2026/07/01 2:16 p.m.7 views

CVE-2026-11232 vulnerabilities

Vulnerabilities for packages: chromium...

5.4CVSS6AI score0.00146EPSS
Exploits0
Fedora
Fedora
added 2026/07/01 1:22 a.m.13 views

[SECURITY] Fedora 43 Update: python-django-haystack-3.4.0-1.fc43

Haystack provides modular search for Django. It features a unified, familiar API that allows you to plug in different search backends such as Solr, Elasticsearch, Whoosh, Xapian, etc. without having to modify your code. Haystack is BSD licensed, plays nicely with third-party app without needing t...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54637

Name of the Vulnerable Software and Affected Versions AWS CLI versions prior to 1.44.78 v1 AWS CLI versions prior to 2.34.29 v2 Description On Unix-like systems where the umask is not configured to restrict file permissions, overly permissive file permissions may allow local users on the same hos...

6.8CVSS5.8AI score0.00101EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13569

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 1:0 p.m.37 views

CVE-2026-13569 weng-xianhu EyouCMS API index.php sql injection

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/29 1:0 p.m.8 views

EUVD-2026-40089

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS5.6AI score0.0021EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53087

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that ...

7.5CVSS5.7AI score0.00376EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/24 4:28 p.m.6 views

CVE-2026-52949

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...

5.7AI score0.00162EPSS
Exploits0
OSV
OSV
added 2026/06/24 1:10 p.m.6 views

OESA-2026-2695 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8.2CVSS5.8AI score0.00622EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 3:21 p.m.31 views

CVE-2026-56325 Capgo - App ID Confusion via ILIKE Wildcard in Preview Subdomain Lookup

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...

3.1CVSS0.00215EPSS
Exploits0References2
Rows per page
Query Builder