Lucene search
K

27698 matches found

Nuclei
Nuclei
added 16 hours ago9 views

SiYuan <= 3.6.5 - Unauthenticated Path Traversal

SiYuan = 3.6.5 contains a path traversal via double URL-encoding in the /assets/ route publish mode port 6808, allowing unauthenticated attackers to read arbitrary files inside WorkspaceDir including conf/conf.json which exposes the API token and access auth code. id: CVE-2026-54066 info: name:...

7.5CVSS6.2AI score0.01892EPSS
Exploits0References1
Nuclei
Nuclei
added 16 hours ago216 views

Vitest Browser Mode - Local File Read

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host- true, an attacker can send a request to that handler from remote to get th...

7.5CVSS6.8AI score0.02317EPSS
Exploits0References6
Nuclei
Nuclei
added 16 hours ago131 views

October CMS - Remote Code Execution

October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safemode and cms.enableSafeMode in order to execute arbitrary cod...

8.5CVSS7.3AI score0.08682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 17 hours ago8 views

kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send()

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM networking component. A local attacker, by acting as a malicious signaling daemon, could send a specially crafted message containing an unvalidated pointer. This unvalidated pointer would be directly used by the kernel, leading...

5.5CVSS6.1AI score0.00125EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday72 views

F5 BIG-IP Appliance Mode - Command Injection

When running in Appliance mode, an authenticated user assigned the Administrator role may bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. id: CVE-2022-41800 info: name: F5 BIG-IP Appliance Mode - Command Injection author: dwisiswant0 severity: high description...

9.8CVSS7.1AI score0.99956EPSS
Exploits70References5
NVD
NVD
added 2 days ago8 views

CVE-2026-10664

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS0.00143EPSS
Exploits0References2
NVD
NVD
added 3 days ago10 views

CVE-2026-61428

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS0.00246EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43164

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score0.00676EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-15146

A flaw was found in Wget. When operating in FTP passive mode, Wget fails to validate the IP address provided in an FTP PASV response. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this vulnerability to redirect Wget's data connection to an arbitrary IP addres...

5.9CVSS6.1AI score0.00121EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-39122

SiYuan: Path Traversal via Double URL Encoding in /assets/path publish mode arbitrary file─read, Incomplete fix of CVE-2026-41894...

7.5CVSS6.2AI score0.01892EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS0.00121EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42980

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-15146 CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

0.00121EPSS
Exploits0References2
CVE
CVE
added 4 days ago23 views

CVE-2026-15146

GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References3
The Hacker News
The Hacker News
added 4 days ago12 views

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and...

6.1AI score
Exploits0
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6.1AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59853

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS6AI score0.00235EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago9 views

CVE-2026-59853

SiYuan prior to 3.7.1 exposes saved search criteria via /api/storage/getCriteria without publish-access filtering, enabling a publish-mode Reader to read private document paths, notebooks, documents, and block IDs, and to search/replace keywords for unpublished documents. This reflects a data-exp...

6.5CVSS6AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59853 SiYuan: Publish-mode Reader can exfiltrate private saved-search Criteria via /api/storage/getCriteria (missing publish-access filter)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55605 @arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS0.00429EPSS
Exploits0References3
Rows per page
Query Builder