Lucene search
K

12415 matches found

Nuclei
Nuclei
added 9 hours ago28 views

LolLMS < 2.2.0 - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...

7.5CVSS7.2AI score0.01765EPSS
Exploits1References3
Circl
Circl
added yesterday3 views

CVE-2026-54572

creationtimestamp| type| source ---|---|--- 2026-07-14 23:00:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqncql57ag2c 2026-07-14 23:20:52+00:00| seen| https://bsky.app/profile/potato.software/post/3mqndun2muq2x 2026-07-15 00:24:24+00:00| seen|...

7.5CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday17 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS
Exploits0References4
CVE
CVE
added yesterday13 views

CVE-2026-54572

Rogue symlink handling in rclone before 1.74.4: when using -l/--links, rclone serializes symlinks as .rclonelink and recreates them locally without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause subsequent writes to land outside the destinatio...

7.5CVSS6.1AI score
Exploits0References4
NVD
NVD
added yesterday3 views

CVE-2026-61520

Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the pro...

7.7CVSS
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-61520

The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...

7.7CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-6851

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-6851 Improper link resolution before file access in Bitdefender Total Security via Link Following (VA-13681)

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS0.00121EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43632

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS6.1AI score0.00121EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-6851

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS6.1AI score0.00121EPSS
Exploits0References2
CVE
CVE
added yesterday14 views

CVE-2026-6851

The CVE-2026-6851 entry concerns Bitdefender products on Windows: Bitdefender Total Security and Bitdefender Internet Security, specifically the File Shredder module. The vulnerability is described as an improper link resolution before file access (link following) that enables a less-privileged l...

7CVSS6.1AI score0.00121EPSS
Exploits0References1
Circl
Circl
added yesterday7 views

CVE-2026-44761

creationtimestamp| type| source ---|---|--- 2026-07-14 00:56:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqkypxf4yz2v 2026-07-14 01:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116915740682728635 2026-07-14 01:30:27+00:00| seen|...

9.1CVSS6.1AI score0.00352EPSS
Exploits0References10
CVE
CVE
added yesterday17 views

CVE-2026-44752

CVE-2026-44752 affects SAP NetWeaver Application Server Java (often noted with the Configuration Wizard). The vulnerability is a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can inject malicious JavaScript through crafted URLs. When a victim loads such a URL, the script runs...

8.2CVSS6.1AI score0.00263EPSS
Exploits0References2
Circl
Circl
added 2 days ago4 views

CVE-2026-61462

creationtimestamp| type| source ---|---|--- 2026-07-13 18:48:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqke5w7ni22d 2026-07-13 19:02:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkexp5qxn2t 2026-07-14 04:01:23+00:00| seen|...

9.2CVSS6.1AI score0.0038EPSS
Exploits0References3
Circl
Circl
added 2 days ago4 views

CVE-2026-61958

creationtimestamp| type| source ---|---|--- 2026-07-13 11:37:40+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjm4cslsu2y 2026-07-13 11:37:42+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqjm4elph22m 2026-07-14 02:25:56+00:00| seen|...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References4
NVD
NVD
added 2 days ago3 views

CVE-2026-57424

Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...

6.5CVSS0.00242EPSS
Exploits0References1
Circl
Circl
added 2 days ago5 views

CVE-2026-6850

creationtimestamp| type| source ---|---|--- 2026-07-13 09:38:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjfgfdc4x26 2026-07-13 09:48:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjfycu6co22 2026-07-13 09:48:06+00:00| seen|...

6.5CVSS6.1AI score0.0024EPSS
Exploits0References6
Veracode
Veracode
added 2 days ago4 views

Arbitrary Command Execution

GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2 days ago7 views

CVE-2026-57424

CVE-2026-57424 affects the WordPress plugin Razorpay Payment Links for WooCommerce (rzp-woocommerce). Multiple sources describe a Missing Authorization / Broken Access Control vulnerability in versions up to and including 2.1.4, allowing exploitation of improperly configured access control. Conne...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57424 WordPress Razorpay Payment Links for WooCommerce plugin <= 2.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...

6.5CVSS0.00242EPSS
Exploits0References1
Rows per page
Query Builder