Lucene search
K

158136 matches found

GithubExploit
GithubExploit
added 29 minutes ago3 views

Exploit for Insufficient Session Expiration in Apache Camel

camel-keycloak Missing ISACTIVE Check — Expired Tokens Accept...

9.8CVSS0.00411EPSS
Exploits1
GithubExploit
GithubExploit
added 7 hours ago18 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-pqc AWS Secrets Manager Key-Metadata Unsafe Deserializat...

9.8CVSS6.2AI score0.00691EPSS
Exploits1
Debian
Debian
added 10 hours ago1 views

[SECURITY] [DLA 4679-1] mesa security update

Debian LTS Advisory DLA-4679-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost July 13, 2026 https://wiki.debian.org/LTS Package : mesa Version : 20.3.5-1+deb11u1 $bookwormVERSION CVE ID : CVE-2026-40393 Debian Bug : A vulnerability has been found in the mesa 3D...

9.8CVSS0.00348EPSS
Exploits0
Nuclei
Nuclei
added 11 hours ago73 views

Metersphere - Arbitrary File Read

Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

8.6CVSS6.9AI score0.49851EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago44 views

Sidekiq <=6.2.0 - Cross-Site Scripting

Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used. id: CVE-2021-30151 info: name: Sidekiq =6.2.0 - Cross-Site Scripting author: DhiyaneshDk severity: medium description: Sidekiq...

6.1CVSS6.3AI score0.04158EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago80 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS6.9AI score0.11468EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago38 views

Sympa version =>6.2.16 - Cross-Site Scripting

Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs. id: CVE-2018-1000671 info: name: Sympa version =6.2.16 -...

6.1CVSS6.6AI score0.03982EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago64 views

Jenkins <=2.196 - Cookie Exposure

Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue. id: CVE-2019-10405...

5.4CVSS6.1AI score0.65753EPSS
Exploits0References4
Nuclei
Nuclei
added 11 hours ago170 views

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

9.8CVSS7.1AI score0.35228EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago111 views

Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting

Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server...

6.1CVSS6.6AI score0.81466EPSS
Exploits4References5
Nuclei
Nuclei
added 11 hours ago102 views

Jenkins <=2.218 - Information Disclosure

Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations...

5.4CVSS6.2AI score0.07044EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago560 views

Jenkins - Remote Command Injection

Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...

10CVSS6.8AI score0.98481EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago86 views

XStream 1.4.18 - Arbitrary Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7AI score0.143EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago68 views

Zabbix <=4.4 - Authentication Bypass

Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously...

9.1CVSS7AI score0.5415EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago16 views

WordPress < 4.9.1 - Authenticated JavaScript File Upload

WordPress before 4.9.1 contains a cross-site scripting caused by not requiring unfilteredhtml capability for uploading .js files in functions.php, letting remote attackers execute scripts via crafted files, exploit requires upload permissions. id: CVE-2017-17092 info: name: WordPress 4.9.1 -...

5.4CVSS6.7AI score0.04132EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago28 views

Drupal 7 CKEditor XSS

CKEditor 4.14.0 through 4.16.x before 4.16.1 contains a reflected cross-site scripting caused by mishandling in comments, letting remote attackers inject executable JavaScript code, exploit requires victim to view malicious content. id: CVE-2021-33829 info: name: Drupal 7 CKEditor XSS author:...

6.1CVSS6.7AI score0.03189EPSS
Exploits0References4
Nuclei
Nuclei
added 11 hours ago33 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS6.1AI score0.01609EPSS
Exploits0
Nuclei
Nuclei
added 11 hours ago66 views

SafeGuard for Privileged Passwords < 7.5.2 - Authentication Bypass

One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations VMware or HyperV. The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2. id: CVE-2024-45488 info: name: SafeGuard for...

9.8CVSS6.1AI score0.50172EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago65 views

1Panel SQL Injection - Authenticated

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...

9.8CVSS7.1AI score0.29396EPSS
Exploits1References1
GithubExploit
GithubExploit
added yesterday42 views

web-management-server-compromise-assessment

Web Management Server Compromise Assessment AMN SECUR...

7.8CVSS7.1AI score0.00383EPSS
Exploits7
Rows per page
Query Builder