
406919 matches found

CVE
added 54 minutes ago, 2 views

CVE-2026-53909 Arbitrary File Upload in MCO

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

CVSS 5.3
Exploits: 0, References: 2

Cvelist
added 54 minutes ago, 1 view

CVE-2026-53909 Arbitrary File Upload in MCO

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

CVSS 5.3
Exploits: 0, References: 2

CVE
added 55 minutes ago, 3 views

CVE-2026-53905 Unauthorized Access to Administrator ACL View in MCO

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve administrator access control structures without proper authorization checks. This may expose sensitive...

CVSS 5.3
Exploits: 0, References: 2

Cvelist
added 55 minutes ago, 1 view

CVE-2026-53905 Unauthorized Access to Administrator ACL View in MCO

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve administrator access control structures without proper authorization checks. This may expose sensitive...

CVSS 5.3
Exploits: 0, References: 2

The Hacker News
added 1 hour ago, 3 views

2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience

Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a series of surprising contradictions. Here...

AI score 5.9
Exploits: 0

Nuclei
added 1 hour ago, 6 views

FOSSBilling - Server-Side Template Injection

A Server-Side Template Injection (SSTI) vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint) can inject arbitrary Twig...

CVSS 9.4, AI score 6.2, EPSS 0.01892
Exploits: 1, References: 3

GithubExploit
added 1 hour ago, 8 views

Know_Your_Customer_Adverse_Media_Check_BFSI_POC

CITADEL-Governed ADIB AMC Starter PoC This repository is a VM...

AI score 5.8
Exploits: 0

RedhatCVE
added 1 hour ago, 6 views

CVE-2026-56016

A flaw was found in perl-CGI-Session. This vulnerability allows a remote attacker to predict session identifiers due to the use of low-entropy sources in the generateid method. By predicting a session identifier, an attacker can impersonate a user's session, leading to a bypass of authentication...

CVSS 7.4, AI score 5.7
Exploits: 0, References: 5

Schneier on Security
added 2 hours ago, 2 views

Papa Johns Surveillance-Based Advertising

Papa Johns is spying on people's buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they're low on groceries--and thus more likely to be swayed by a mouth-watering...

AI score 5.8
Exploits: 0

Nuclei
added 2 hours ago, 3 views

Gorse < 0.5.10 - Unauthenticated Database Dump

Gorse 0.5.10 contains an authentication bypass caused by empty adminapikey in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...

CVSS 9.8, EPSS 0.00896
Exploits: 1, References: 2

OSV
added 2 hours ago, 2 views

RHSA-2026:33635 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

CVSS 5.5, EPSS 0.02298
Exploits: 1, References: 8

OSV
added 2 hours ago, 2 views

RHSA-2026:33633 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

CVSS 5.5, AI score 5.7, EPSS 0.02298
Exploits: 1, References: 8

OSV
added 2 hours ago, 2 views

RHSA-2026:33634 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

CVSS 5.5, EPSS 0.02298
Exploits: 1, References: 8

OSV
added 2 hours ago, 2 views

RHSA-2026:33632 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

CVSS 5.5, AI score 5.7, EPSS 0.02298
Exploits: 1, References: 8

RedHat Linux
added 2 hours ago, 3 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.36 security and extras update

Red Hat OpenShift Container Platform release 4.19.36 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...

CVSS 8.7, AI score 5.9, EPSS 0.00656
Exploits: 0, References: 2

RedHat Linux
added 3 hours ago, 4 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.65 packages and security update

Red Hat OpenShift Container Platform release 4.16.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

CVSS 9.1, AI score 6.7, EPSS 0.01557
Exploits: 1, References: 2

GithubExploit
added 4 hours ago, 15 views

0day-Rubbish

0day Rubbish 0day vulnerabilities have become rubbish in...

AI score 5.9
Exploits: 0

RedHat Linux
added 4 hours ago, 5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.65 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

CVSS 9.1, AI score 6.7, EPSS 0.01557
Exploits: 7, References: 10

Nuclei
added 4 hours ago, 28 views

Uptime-Kuma < v1.23.0 - Improper Access Control

Uptime-Kuma before v1.23.0 is vulnerable to an information disclosure issue due to missing authorization on the /api/badge/1/ping/24 endpoint. An unauthenticated attacker can access this endpoint to leak ping statistics, such as average ping and ping history, for existing monitors without needing...

CVSS 5.3, AI score 5.8, EPSS 0.00905
Exploits: 1, References: 2

NVD
added 4 hours ago, 5 views

CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from an MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

Exploits: 0, References: 2