Lucene search
K

108782 matches found

The Hacker News
The Hacker News
added 1 hour ago4 views

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos ,...

5.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 1 hour ago3 views

Malicious code in yt-api-dlp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3b9ca286cef4b241ded9603c192ce5b13e155cad9b017ee3f89b98674065374 During import, this malicious copy of a legitimate package downloads an encrypted data disguise as an image. It contains an archive with a next-stage script th...

6AI score
Exploits0References4
GithubExploit
GithubExploit
added 7 hours ago17 views

Exploit for Improper Input Validation in Apache Activemq

Apache ActiveMQ Classic — RCE Research Private research archi...

8.8CVSS7AI score0.96666EPSS
Exploits14
Nuclei
Nuclei
added 11 hours ago67 views

GLPI <9.4.6 - Open Redirect

GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. id: CVE-2020-11034 info: name: GLPI 9.4.6 - Open Redirect author: pikpikcu severity: medium description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. impact: | An attacker can exploit this...

6.1CVSS6.4AI score0.07608EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago35 views

Ligeo Archives Ligeo Basics - Server Side Request Forgery

Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery SSRF which allows an attacker to read any documents via the download features. id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high...

7.5CVSS7.1AI score0.07408EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago413 views

Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

6.5CVSS7AI score0.06583EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago60 views

LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions. id: CVE-2022-45808 info: name: LearnPress Plugin 4.2.0 - Unauthenticated Time-Based Blind SQLi author: DhiyaneshDK severity: critical description: | SQL Injection vulnerability in LearnPress – WordPress LMS...

9.9CVSS7.3AI score0.04269EPSS
Exploits2References2
Nuclei
Nuclei
added 11 hours ago45 views

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...

7.5CVSS7.1AI score0.30894EPSS
Exploits5References4
Nuclei
Nuclei
added 11 hours ago63 views

perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery SSRF attacks. id: CVE-2022-41412 info: name: perfSONAR 4.x = 4.4.4 - Server-Side Request Forgery author: nullhypothesis severity: high descriptio...

8.6CVSS7.2AI score0.04088EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago540 views

Thinkphp Lang - Local File Inclusion

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. id:...

9.8CVSS7.3AI score0.15505EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago90 views

LearnPress Plugin < 4.2.0 - Local File Inclusion

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions. id: CVE-2022-47615 info: name: LearnPress Plugin 4.2.0 - Local File Inclusion author: DhiyaneshDK severity: critical description: | Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin...

9.8CVSS7.2AI score0.05063EPSS
Exploits2References4
Nuclei
Nuclei
added 11 hours ago46 views

PrestaShop xipblog - SQL Injection

In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...

9.8CVSS7.1AI score0.04715EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago88 views

MobSF - Path Traversal

MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...

7.8CVSS7.2AI score0.0132EPSS
Exploits2
Nuclei
Nuclei
added 11 hours ago80 views

PrestaShop SmartBlog <4.0.6 - SQL Injection

PrestaShop SmartBlog by SmartDataSoft 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality. id: CVE-2021-37538 info: name: PrestaShop SmartBlog 4.0.6 - SQL Injection author: whoever severity: critical description: PrestaShop SmartBlog by SmartDataSoft 4.0.6 is...

9.8CVSS7.2AI score0.74489EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago19 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

4.3CVSS5.8AI score0.02016EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago11 views

WordPress JS Archive List <= 6.1.5 - SQL Injection

Miguel Useche JS Archive List contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2025-54726 info: name: WordPress JS Archive List = 6.1.5 - SQL Injection author:...

9.3CVSS6.2AI score0.01425EPSS
Exploits2References3
Nuclei
Nuclei
added 11 hours ago60 views

WordPress WP01 - Path Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2. id: CVE-2025-30567 info: name: WordPress WP01 - Path Traversal author: s4e-io severity: high description: | Improper...

7.5CVSS5.9AI score0.02628EPSS
Exploits0References3
Nuclei
Nuclei
added 11 hours ago39 views

Kae's File Manager <=1.4.7 - Cross-Site Scripting

Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.4AI score0.01332EPSS
Exploits1References5
NVD
NVD
added yesterday2 views

CVE-2026-20706

Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...

0.00024EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-20706

Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...

5.9AI score0.00024EPSS
Exploits0References5
Rows per page
Query Builder