Lucene search
K

43270 matches found

Nuclei
Nuclei
added yesterday79 views

Mitel MiCollab - Arbitary File Read

The Mitel Collab Arbitrary File Read vulnerability allows an unauthenticated attacker to read arbitrary files from the underlying file system on a Mitel Collab server. Exploiting this flaw involves sending specially crafted requests to the server, bypassing access controls and allowing the attack...

9.8CVSS7AI score0.98067EPSS
Exploits3References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-41781

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /editexam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References7
EUVD
EUVD
added yesterday5 views

EUVD-2026-41785

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References7
EUVD
EUVD
added yesterday7 views

EUVD-2026-41794

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.6AI score0.00333EPSS
Exploits0References9
NVD
NVD
added yesterday4 views

CVE-2026-14783

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS0.00333EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-55979

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...

5.1CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-55870

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin probe duration of the file src/filters/load text.c of the component TeXML File Handler. Such manipulation of the argument txml timescale leads to divide by zero. An...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-55869

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS5.5AI score0.00159EPSS
Exploits0References7
OSV
OSV
added yesterday2 views

UBUNTU-CVE-2026-14801

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References9
OSV
OSV
added yesterday2 views

UBUNTU-CVE-2026-14761

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function rstrndup/rstrappend of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be...

4.8CVSS5.1AI score0.00115EPSS
Exploits1References10
Packet Storm
Packet Storm
added yesterday20 views

📄 Xerte Online Toolkits 3.15 Unauthenticated Remote Code Execution

Python remote code execution proof of concept exploit for Xerte Online Toolkits targeting multiple vulnerabilities in the elFinder file manager integration. ================================================================================================================================== | Title :...

9.8CVSS6.6AI score0.03575EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-14783 NousResearch hermes-agent skills_tool.py skill_view path traversal

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.6AI score0.00333EPSS
Exploits0References8
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-14783 NousResearch hermes-agent skills_tool.py skill_view path traversal

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS0.00333EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-14783

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.6AI score0.00333EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2 days ago9 views

CVE-2026-14783

NousResearch hermes-agent 2026.5.29.2 is affected; the vulnerability is in skills_tool.py, function skill_view, where manipulating the Name argument enables path traversal via a remote attack. Public disclosure of the exploit exists. A patch identified as 56f833efa427ccb444c0f9ad1759af1012f2124d ...

5.3CVSS5.6AI score0.00333EPSS
Exploits0References8
NVD
NVD
added 2 days ago4 views

CVE-2026-14772

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS0.00269EPSS
Exploits0References6
NVD
NVD
added 2 days ago4 views

CVE-2026-14771

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /editexam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-14772 SourceCodester Class and Exam Timetabling System edit_course1.php sql injection

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-14772

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-14772 SourceCodester Class and Exam Timetabling System edit_course1.php sql injection

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Rows per page
Query Builder