Lucene search
+L

253 matches found

Nuclei
Nuclei
added yesterday131 views

SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery

SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...

5.3CVSS6.6AI score0.61736EPSS
Exploits3References5
Fedora
Fedora
added 2026/07/10 1:6 a.m.6 views

[SECURITY] Fedora 43 Update: nmap-7.92-8.fc43

Nmap is a utility for network exploration or security auditing. It supports ping scanning determine which hosts are up, many port scanning techniques determine what services the hosts are offering, and TCP/IP fingerprinting remote host operating system identification. Nmap also offers flexible ta...

6.9CVSS6.6AI score0.00278EPSS
Exploits0
Fedora
Fedora
added 2026/07/03 12:56 a.m.13 views

[SECURITY] Fedora 44 Update: nmap-7.92-11.fc44

Nmap is a utility for network exploration or security auditing. It supports ping scanning determine which hosts are up, many port scanning techniques determine what services the hosts are offering, and TCP/IP fingerprinting remote host operating system identification. Nmap also offers flexible ta...

6.9CVSS6.6AI score0.00278EPSS
Exploits0
OSV
OSV
added 2026/07/01 12:21 p.m.15 views

MAL-2026-6722 Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
NVD
NVD
added 2026/06/25 7:16 p.m.13 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS0.00204EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/15 11:13 a.m.90 views

exploit-scripts

Offensive Security Toolkit ╔═════════════════════════════...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/13 9:37 p.m.106 views

OffSploit

OffSploit: Autonomous Exploit Adaptation & C2 Framework !Py...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 9:37 p.m.79 views

ember

🔥 Ember AI systems burn brightly but hide their secrets. Em...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/29 12:47 p.m.112 views

Penetration-Testing-Exploitation-of-Vulnerable-Linux-Systems

Penetration-Testing-Exploitation-of-Vulnerable-Linux-Systems K...

6.2AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/26 12:20 p.m.125 views

Exploit for CVE-2007-2447

🛡️ Metasploitable2 Vulnerability Assessment Author: Jaden Julius...

6CVSS7.7AI score0.49759EPSS
Exploits17
GithubExploit
GithubExploit
added 2026/05/17 4:33 a.m.285 views

Eternalblue-ms17-010-lab

01-EternalBlue-MS17-010-README.mdhttps://github.com/user-atta...

9.3CVSS7.5AI score0.93307EPSS
Exploits47
GithubExploit
GithubExploit
added 2026/05/15 8:19 p.m.97 views

Vulnerability-Scanner-using-Ollama-3-

Vulnerability Scanning & Exploitation Toolkit A Python-based...

9.8CVSS7.3AI score0.99992EPSS
Exploits151
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Nextcloud News app 代码问题漏洞

The Nextcloud News app is an RSS/Atom news aggregator developed by Nextcloud as open source. Versions of the Nextcloud News app prior to 28.3.0-beta.1 contained code vulnerabilities. These vulnerabilities stemmed from the lack of verification of the feed URL provided by users, which could lead to...

2.3CVSS5.9AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

RayVentory Scan Engine 安全漏洞

RayVentory Scan Engine is a network scanning engine developed by the German company RayVentory, designed for automatically discovering and collecting IT asset information. Versions of RayVentory Scan Engine 12.6 Update 8 and earlier contain security vulnerabilities. These vulnerabilities allow...

9.8CVSS5.8AI score0.00389EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 9:25 p.m.7 views

CVE-2026-40500

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. The "Add Module from URL" feature requires superuser privileges root-equivalent in ProcessWire who already has unrestricted arbitrary code execution via standard module upload, making the SSRF vector incapable of providing...

6.8CVSS6.5AI score0.00385EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/15 9:25 p.m.25 views

CVE-2026-40500

...

0.00385EPSS
Exploits0
CVE
CVE
added 2026/04/15 9:25 p.m.35 views

CVE-2026-40500

Summary: Multiple sources describe a server-side request forgery (SSRF) in ProcessWire CMS prior to 3.0.256 via the admin panel’s “Add Module From URL” feature. The vulnerability permits an authenticated administrator to supply arbitrary URLs to the module-download parameter, triggering outbound ...

5.9AI score0.00385EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/15 2:32 p.m.11 views

CVE-2026-4682

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices WSD scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows–based network scanning protocol that allo...

8.7CVSS6.7AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.10 views

PT-2026-32517

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dns get record but the actual HTTP...

3.5CVSS6.4AI score0.00333EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/04/02 3:57 p.m.168 views

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

🧨 Metasploitable 2 Penetration Testing Lab 📅 Duration 2026...

10CVSS7.2AI score0.96184EPSS
Exploits36
Rows per page
Query Builder