Lucene search
+L

2903 matches found

nuclei
nuclei
added yesterday78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
nuclei
nuclei
added yesterday23 views

dash-uploader 0.1.0 - 0.7.0a2 - Denial-of-Service via flowTotalChunks

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a remote code execution caused by improper handling in Upload function and maxfilesize parameter in dashuploader components, letting remote attackers execute arbitrary code, exploit requires crafted request. id: CVE-2026-38361 info: name:...

7.5CVSS7.5AI score0.02643EPSS
Exploits5References4
cvelist
cvelist
added 2 days ago31 views

CVE-2026-62389 ws < 8.21.1 Default maxFragments Allows Memory Exhaustion DoS

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS0.0045EPSS
Exploits0References4
attackerkb
attackerkb
added 2 days ago5 views

CVE-2026-62389

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS6.1AI score0.0045EPSS
Exploits0References5
nvd
nvd
added 4 days ago3 views

CVE-2026-57710

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
cvelist
cvelist
added 4 days ago28 views

CVE-2026-57710 WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
cve
cve
added 4 days ago9 views

CVE-2026-57710

Summary: The WordPress plugin WoowBot Pro Max (woowbot-pro-max) up to version 14.1.7 is affected by an Unrestricted/Arbitrary File Upload vulnerability. The issue allows uploading dangerous files, classified as a Critical risk (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The affected line is...

9.9CVSS6.1AI score0.00328EPSS
Exploits0References1
nvd
nvd
added 6 days ago7 views

CVE-2026-5743

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS0.00259EPSS
Exploits0References10
osv
osv
added last week1 views

SUSE-SU-2026:2850-1 Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-random, terraform-provider-susepubliccloud, terraform-provider-tls

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-random, terraform-provider-susepubliccloud, terraform-provider-tls fixes the following issue -...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References4
patchstack
patchstack
added 2026/07/09 2:42 p.m.4 views

WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Jamaal ahmed in WordPress Plugin WoowBot Pro Max versions = 14.1.7...

9.9CVSS6.1AI score0.00328EPSS
Exploits0Affected Software1
euvd
euvd
added 2026/07/08 7:42 p.m.6 views

EUVD-2026-42372

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/07/08 5:37 a.m.5 views

CVE-2026-60000

A flaw was found in OpenSSH's Secure Shell Daemon sshd. This vulnerability allows a remote attacker to cause a denial of service by initiating an excessive number of authentication attempts. The issue arises from the mishandling of the MaxAuthTries setting specifically when using...

7.5CVSS6AI score0.00407EPSS
Exploits0References6
nuclei
nuclei
added 2026/07/08 5:22 a.m.210 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
nvd
nvd
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55432

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS0.00315EPSS
Exploits0References6
cve
cve
added 2026/07/08 12:20 a.m.20 views

CVE-2026-55432

Coder's GO/enterprise deployment vulnerability: the CreateSubAgent RPC did not validate a requested app sharing level against the template MaxPortSharingLevel before persisting workspace apps. This allowed a workspace owner (with an agent token) to exceed the administrator’s maximum, potentially ...

5.4CVSS6AI score0.00315EPSS
Exploits0References6Affected Software1
euvd
euvd
added 2026/07/08 12:14 a.m.8 views

EUVD-2026-42143

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS6AI score0.00407EPSS
Exploits0References3
osv
osv
added 2026/07/08 12:14 a.m.2 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS6.1AI score0.00407EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/07 11:50 p.m.35 views

CVE-2026-55079 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

4.9CVSS0.00611EPSS
Exploits0References6
nvd
nvd
added 2026/07/07 4:16 p.m.9 views

CVE-2026-56811

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS0.0042EPSS
Exploits0References7
euvd
euvd
added 2026/07/07 3:9 p.m.5 views

EUVD-2026-42049

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References7
Rows per page
Query Builder