Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

147 matches found

Nuclei
Nucleiadded 14 hours ago17 views

SAP Solution Manager - Open Redirect

SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-26836 info: name: SAP Solution Manager - Open...

6.1CVSS6.2AI score0.02338EPSS
Exploits1References4
AstraLinux
AstraLinuxadded 5 days ago6 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the handling of SMB2LOGOFF commands. The issue arises from the lack of proper validation of a pointer before accessing it. An attacker can exploit this...

7.5CVSS6.5AI score0.0406EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the session state check when reconnecting to avoid a use-after-free issue. Do not collect the exiting session in smb2reconnectserver, as it will be released soon...

5.3AI score0.00166EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.4 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel. A race condition between the smb2 close operation and logoff in multi-channel connections could lead to a use-after-free issue...

7.5CVSS7.1AI score0.00504EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.5 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue arises from the lack of proper locking when performing operations on an object. An attacker can...

8.1CVSS6.8AI score0.02495EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.7 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue arises due to the lack of proper locking when performing operations on an object. An...

8.1CVSS6.7AI score0.02393EPSS
Exploits0References2
Packet Storm
Packet Stormadded 2026/04/28 12:0 a.m.83 views

📄 Microsoft WinLogon Registry Deletion / Privilege Escalation

This code represents a highly destructive proof of concept targeting Windows WinLogon and Registry access control mechanisms to achieve privilege escalation and system integrity compromise. The exploit is built around abusing Registry symbolic links and session-based Accessibility paths to redire...

7.8CVSS5.6AI score0.03178EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2025/12/12 12:7 p.m.3 views

CVE-2025-64990

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

6.8CVSS8AI score0.00719EPSS
Exploits0References1
OSV
OSVadded 2025/12/11 12:16 p.m.3 views

CVE-2025-64990

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

7.2CVSS6.2AI score0.00719EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/12/11 11:27 a.m.2 views

CVE-2025-64990 Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

6.8CVSS7.6AI score0.00719EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/12/11 11:27 a.m.27 views

CVE-2025-64990 Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

6.8CVSS0.00719EPSS
Exploits0References1
OSV
OSVadded 2025/12/09 1:16 a.m.4 views

UBUNTU-CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

5.7AI score0.00166EPSS
Exploits0References6
Debian CVE
Debian CVEadded 2025/12/09 12:0 a.m.2 views

CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

5.2AI score0.00166EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2025/11/28 2:54 a.m.11 views

CVE-2025-12579

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

5.3CVSS5.3AI score0.00189EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/27 3:30 a.m.5 views

EUVD-2025-199787

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

5.3CVSS4.9AI score0.00189EPSS
Exploits0References3
NVD
NVDadded 2025/11/27 3:15 a.m.4 views

CVE-2025-12579

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

5.3CVSS0.00189EPSS
Exploits0References2
CVE
CVEadded 2025/11/27 2:26 a.m.21 views

CVE-2025-12579

CVE-2025-12579 affects the Reuters Direct WordPress plugin. The vulnerability is a missing capability check on the logoff action in all versions up to and including 3.0.0, enabling unauthenticated attackers to reset the plugin’s settings (unauthorized modification of data). Connected sources conf...

5.3CVSS5AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/27 2:26 a.m.2 views

CVE-2025-12579 Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

5.3CVSS5AI score0.00189EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/11/27 2:26 a.m.10 views

CVE-2025-12579 Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

5.3CVSS0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/11/27 12:0 a.m.6 views

PT-2025-48217

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

5.3CVSS5.3AI score0.00189EPSS
Exploits0References3
Rows per page
Query Builder