Lucene search
+L

20173 matches found

Nuclei
Nuclei
added yesterday59 views

Sophos Mobile managed on-premises - XML External Entity Injection

An XML External Entity XXE vulnerability allows server-side request forgery SSRF and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. id: CVE-2022-3980 info: name: Sophos Mobile managed on-premises - XML External Entity Injection author: dabla...

9.8CVSS7.3AI score0.08087EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday14 views

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...

7.5CVSS6.2AI score0.02056EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday16 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7AI score0.0161EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday37 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

9.8CVSS6.2AI score0.07959EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday27 views

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

9.8CVSS6.3AI score0.10032EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday17 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS6.1AI score0.02841EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2 days ago10 views

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access SMA 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below - CVE-2026-15409 CVSS score: 10.0 - A Server-side...

10CVSS7.2AI score0.01486EPSS
Exploits4
NVD
NVD
added 3 days ago4 views

CVE-2026-15720

In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service...

8.6CVSS0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago40 views

CVE-2026-15720 Pre-auth heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler

In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service...

8.6CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-15720

Open5GS up to version 2.7.7 is affected by a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler, which may cause subscriber-wide denial of service. The CVE entry consolidates this as CVE-2026-15720. The connected sources (NVD/NVD CVE records) confirm the vulnera...

8.6CVSS6.1AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 3 days ago3 views

CVE-2026-15720 Pre-auth heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler

In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service...

8.6CVSS6.1AI score0.00371EPSS
Exploits0References3
Nuclei
Nuclei
added 3 days ago132 views

Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution

An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. This leads to unauthenticated Remote Code Execution via unsafe userinput in one of the bean validators which is sink for Server-Side Template Injection. id:...

7.5CVSS6.8AI score0.99899EPSS
Exploits8References1
The Hacker News
The Hacker News
added 2026/07/10 9:0 a.m.14 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2026/07/09 7:14 p.m.39 views

CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS0.00125EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/09 6:25 a.m.5 views

CVE-2026-15169

A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service DoS by sending a specially crafted Universal Mobile Telecommunications System UMTS FP protocol packet. The flaw resides in the UMTS FP protocol dissector, which can lead to a crash of the...

7.5CVSS6AI score0.00218EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 9:16 p.m.2 views

DEBIAN-CVE-2026-15169

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS6.1AI score0.00218EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 8:51 p.m.5 views

CVE-2026-15169

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00218EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56595

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.6 Wireshark versions 4.4.0 through 4.4.16 Description A crash in the UMTS FP protocol dissector allows a denial of service. A dissector is a software component that breaks down network traffic into a...

7.5CVSS6.1AI score0.00218EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 1:32 p.m.30 views

CVE-2026-6101 AMP for WP <= 1.1.12 - Authenticated (Author+) Arbitrary File Write via Role-Based Access Configuration with Local Font Upload

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS0.00646EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/07 1:32 p.m.11 views

CVE-2026-6101

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References11
Rows per page
Query Builder