294 matches found

Nuclei
added 12 hours ago | 1408 views

Pterodactyl Panel - Remote Code Execution

Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. id: CVE-2025-49132 info: name: Pterodactyl Panel - Remote Code Execution...

CVSS: 10 | AI score: 6.1 | EPSS: 0.13105
Exploits: 28 | References: 3

Tenable Nessus
added 2026/04/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-65114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00428
Exploits: 0 | References: 3

Tenable Nessus
added 2026/02/23 12:0 a.m. | 4 views

CentOS 9 : libpng-1.6.37-14.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libpng-1.6.37-14.el9 build changelog. - heap buffer over-read in pngimagewritebit RHEL-147356 CVE-2026-22801 - heap buffer over-read in pngimagefinishread RHEL-149000...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00172
Exploits: 1 | References: 3

Positive Technologies
added 2026/02/05 12:0 a.m. | 7 views

PT-2026-6585

Name of the Vulnerable Software and Affected Versions ProficySCADA for iOS version 5.0.25920 Description The application is susceptible to a denial of service condition. An attacker can cause the application to crash by manipulating the password input field. Specifically, overwriting the field wi...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00337
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 9:34 a.m. | 12 views

CVE-2024-41960

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

CVSS: 4.8 | AI score: 7.2 | EPSS: 0.00308
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:58 a.m. | 6 views

CVE-2023-45823

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00631
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:44 a.m. | 7 views

CVE-2022-23626

m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.09874
Exploits: 4 | References: 1

RedhatCVE
added 2026/01/09 8:34 a.m. | 7 views

CVE-2024-41121

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00737
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:39 a.m. | 8 views

CVE-1999-0662

A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete...

CVSS: 10 | AI score: 6.9 | EPSS: 0.01908
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:10 a.m. | 16 views

CVE-2019-16765

If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...

CVSS: 7.8 | AI score: 7 | EPSS: 0.04731
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/11/20 10:25 a.m. | 24 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality [CVE-2025-1993]

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user. This bulletin provides patch information to address the vulnerability in I...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00111
Exploits: 0 | Affected Software: 1

EUVD
added 2025/11/11 7:47 a.m. | 0 views

EUVD-2025-74429

Malicious code in necessaryplanarianmoccasin-47 npm...

AI score: 6.6
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 7:47 a.m. | 2 views

Malicious code in necessary_parakeet_maroon-20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 221421a705962565a208be8ddecbc41fbb73dfc9e8b0d8bef76df1a13d7e2159 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

EUVD
added 2025/11/11 7:44 a.m. | 1 views

EUVD-2025-76207

Malicious code in necessarymarsupial-apptea npm...

AI score: 6.6
Exploits: 0

EUVD
added 2025/11/11 7:26 a.m. | 1 views

EUVD-2025-81115

Malicious code in necessaryleopard0xrequest npm...

AI score: 6.6
Exploits: 0

EUVD
added 2025/11/11 5:18 a.m. | 0 views

EUVD-2025-62936

Malicious code in necessaryclownfishz3n npm...

AI score: 6.6
Exploits: 0

EUVD
added 2025/11/11 5:18 a.m. | 1 views

EUVD-2025-62935

Malicious code in necessaryguineafowlz3n npm...

AI score: 6.6
Exploits: 0

EUVD
added 2025/11/11 5:18 a.m. | 0 views

EUVD-2025-62931

Malicious code in necessaryprawnz3n npm...

AI score: 6.6
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 5:18 a.m. | 2 views

Malicious code in necessary_lobster_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b981cb8f8c5ee4ad75d08a67dde9555373a88feb1f7fa8456f856509345ccc8a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 5:18 a.m. | 2 views

Malicious code in necessary_parrotfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab9629ec05274c01766ef5fa2ebb82e4f1e9c1cc8854c2769f07f9a11b7575d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0