Lucene search
+L

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 4:23 p.m.8 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.0017EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/11 7:17 p.m.12 views

EUVD-2026-36308

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.5AI score0.00265EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/15 9:25 p.m.7 views

CVE-2026-40500

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. The "Add Module from URL" feature requires superuser privileges root-equivalent in ProcessWire who already has unrestricted arbitrary code execution via standard module upload, making the SSRF vector incapable of providing...

6.8CVSS6.5AI score0.00385EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.8 views

CVE-2026-34443

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR...

6.9CVSS5.8AI score0.00277EPSS
Exploits1References1
Gitee
Gitee
added 2025/09/14 12:1 p.m.175 views

spraywmi

Exploit module/toolkit targeting Windows systems via WMI Windows Management Instrumentation spraying. The tool, named SprayWMI, is designed to mass spray Unicorn PowerShell injection to CIDR notations. It is a Python-based tool that uses the pexpect library to interact with the Windows Management...

7.7AI score
Exploits0
OSV
OSV
added 2025/02/04 12:30 p.m.5 views

GHSA-3CJF-FWCQ-XH22 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

5.4CVSS5.8AI score0.01056EPSS
Exploits0References5
Rows per page
Query Builder