Lucene search
K

3903 matches found

Nuclei
Nuclei
added 12 hours ago22 views

Roxy-WI - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the delcert parameter without proper input validation in the /app/options.py file, allowing attackers to inject arbitrary OS commands. id: CVE-2022-31161 info: name: Roxy-WI - Remote Code...

10CVSS8AI score0.90387EPSS
Exploits15References3
Nuclei
Nuclei
added 12 hours ago96 views

Vitest Browser Mode - Local File Read

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host- true, an attacker can send a request to that handler from remote to get th...

7.5CVSS7AI score0.02291EPSS
Exploits0References6
Nuclei
Nuclei
added 12 hours ago32 views

Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS7.1AI score0.25431EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-9132 Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

6CVSS0.00284EPSS
Exploits0References4
Snyk
Snyk
added 3 days ago4 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 9:21 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the...

7.5CVSS5.8AI score0.00616EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: tunnels: Annotations were added for lockless accesses to dev-neededheadroom. IP tunnels can apparently update dev-neededheadroom during their xmit path. This patch addresses issues related to three types of tunnels xmit, ...

5.5CVSS6.3AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/13 5:13 p.m.4 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in setupPtmx and setupDevSymlinks, which enable file deletion via calls to os.Remove and os.Symlink. An attacker who supplies a container image whose /dev is a symlink can redirect these operations...

4.8CVSS5.5AI score0.00222EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 10:13 a.m.9 views

EUVD-2026-36221

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

9.4CVSS5.5AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 10:13 a.m.19 views

CVE-2026-4764

The CVE reports a Missing Authorization in Dialogflow CX’s playbook import on Google Cloud Platform. An authenticated user with specific roles can escalate privileges via a malicious playbook import, potentially taking over a GCP project. The issue affects Dialogflow CX playbook import functional...

9.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48647

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

9.4CVSS5.5AI score0.00207EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 5:10 p.m.7 views

DRUPAL-CONTRIB-2026-047

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.11 views

PT-2026-48595

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/08 5:16 p.m.5 views

UBUNTU-CVE-2026-46282

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...

5.4AI score0.00168EPSS
Exploits0References9
Amazon
Amazon
added 2026/06/08 12:0 a.m.14 views

Important: tomcat10

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8CVSS6.4AI score0.01339EPSS
Exploits2
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: papers

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...

5.5AI score0.00529EPSS
Exploits0
CVE
CVE
added 2026/06/05 4:51 p.m.19 views

CVE-2026-45290

Cloudburst Network: A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 affects the Network component and can stall the Netty event loop, rendering affected software inoperable. Impact is availability-focused (HIGH) with no confidentiality or integrity impact per the cited metrics. ...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 4:6 p.m.15 views

EUVD-2026-34135

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

6.1CVSS6AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 a.m.12 views

CVE-2026-0045

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00083EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.10 views

EUVD-2025-210008

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

5.9AI score0.00088EPSS
Exploits0References2
Rows per page
Query Builder