23555 matches found

Nuclei
added yesterday, 55 views

VMware Aria Operations for Logs - Unauthenticated Remote Code Execution

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. id: CVE-2023-20864 info: name: VMware Aria Operations for Logs - Unauthenticated Remo...

CVSS 9.8 | AI score 7.6 | EPSS 0.7165
Exploits: 0 | References: 3

Nuclei
added yesterday, 16 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery (SSRF) vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

CVSS 8.8 | AI score 6.2 | EPSS 0.3436
Exploits: 2 | References: 3

Nuclei
added yesterday, 236 views

Oracle WebLogic Server - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services) is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions...

CVSS 9.8 | AI score 7.8 | EPSS 0.50224
Exploits: 7 | References: 5

Nuclei
added yesterday, 553 views

Oracle E-Business Suite 12.2.3 - 12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...

CVSS 9.8 | AI score 8 | EPSS 0.98342
Exploits: 7 | References: 6

Nuclei
added yesterday, 20 views

Memos 0.13.2 - Server-Side Request Forgery

SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...

CVSS 5.8 | AI score 6.2 | EPSS 0.01049
Exploits: 1 | References: 2

Nuclei
added yesterday, 7 views

UniFi Network Application - Path Traversal

UniFi Network Application contains a path traversal vulnerability allowing a network attacker to access and manipulate files on the underlying system, potentially leading to account access; exploitation requires network access. id: CVE-2026-22557 info: name: UniFi Network Application - Path Traversal...

CVSS 10 | AI score 7.4 | EPSS 0.15601
Exploits: 3 | References: 4

Nuclei
added yesterday, 61 views

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...

CVSS 5.8 | AI score 6.2 | EPSS 0.02475
Exploits: 1 | References: 3

Nuclei
added yesterday, 147 views

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...

CVSS 7.2 | AI score 7.1 | EPSS 0.05238
Exploits: 0 | References: 5

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-58523

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network...

CVSS 6.5 | AI score 5.9 | EPSS 0.00497
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-58290

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...

CVSS 7.5 | AI score 6.1 | EPSS 0.00255
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2 days ago, 5 views

EUVD-2026-41583

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...

CVSS 8.3 | AI score 6.1 | EPSS 0.00448
Exploits: 0 | References: 1

EUVD
added 2 days ago, 7 views

EUVD-2026-41582

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...

CVSS 8.3 | AI score 6.1 | EPSS 0.00414
Exploits: 0 | References: 1

EUVD
added 2 days ago, 4 views

EUVD-2026-41650

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...

CVSS 7.6 | AI score 6.1 | EPSS 0.00419
Exploits: 0 | References: 1

Nuclei
added 2 days ago, 59 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution vulnerability caused by improper input validation in the server component, letting remote attackers execute arbitrary code; exploitation requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

CVSS 10 | AI score 7.9 | EPSS 0.83337
Exploits: 4 | References: 5

Nuclei
added 2 days ago, 32 views

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 contains a remote code execution vulnerability caused by unauthenticated access via T3, IIOP, letting attackers take over the server; exploitation requires network access. id: CVE-2021-2135 info: name: Oracle WebLogic Server - Remote Code Execution author:...

CVSS 9.8 | AI score 7.7 | EPSS 0.0837
Exploits: 1 | References: 2

Nuclei
added 2 days ago, 15 views

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

CVSS 8.6 | AI score 7.1 | EPSS 0.37366
Exploits: 1 | References: 2

EUVD
added 2 days ago, 5 views

EUVD-2026-41444

Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network...

CVSS 4.8 | AI score 5.8 | EPSS 0.00326
Exploits: 0 | References: 2

EUVD
added 2 days ago, 6 views

EUVD-2026-41443

Server-side request forgery (SSRF) in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

CVSS 9.9 | AI score 5.8 | EPSS 0.00622
Exploits: 0 | References: 2

Positive Technologies
added 2 days ago, 5 views

PT-2026-55640

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based), affected versions not specified. Description: A use after free issue exists that allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a memory corruption flaw that occurs when ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00348
Exploits: 0 | References: 3

Positive Technologies
added 2 days ago, 8 views

PT-2026-55631

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based), affected versions not specified. Description: An issue exists where access to a resource using an incompatible type, known as type confusion, allows an unauthorized attacker to execute code over a network. Type...

CVSS 8.3 | AI score 6.1 | EPSS 0.00448
Exploits: 0 | References: 4