Lucene search
K

658510 matches found

GithubExploit
GithubExploit
added 13 minutes ago2 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2026-23111 nftables LPE: exposure check and safe lab Def...

7.8CVSS5.9AI score0.00013EPSS
Exploits4
NVD
NVD
added 25 minutes ago2 views

CVE-2026-7870

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS
Exploits0References1
NVD
NVD
added 25 minutes ago2 views

CVE-2026-7787

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

7.5CVSS
Exploits0References1
NVD
NVD
added 25 minutes ago1 views

CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...

Exploits0References5
NVD
NVD
added 26 minutes ago3 views

CVE-2026-4096

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS
Exploits0References1
NVD
NVD
added 26 minutes ago2 views

CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

8.6CVSS
Exploits0References5
NVD
NVD
added 26 minutes ago2 views

CVE-2026-3341

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS
Exploits0References1
NVD
NVD
added 26 minutes ago2 views

CVE-2026-11839

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...

9.9CVSS
Exploits0References1
NVD
NVD
added 26 minutes ago2 views

CVE-2024-45636

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.1CVSS
Exploits0References1
NVD
NVD
added 2 hours ago6 views

CVE-2026-6338

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

7CVSS
Exploits0References1
NVD
NVD
added 2 hours ago5 views

CVE-2026-8406

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...

7.1CVSS
Exploits0References3
NVD
NVD
added 2 hours ago5 views

CVE-2026-53661

Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In deployments where users could...

8.8CVSS
Exploits0References3
NVD
NVD
added 2 hours ago5 views

CVE-2026-53723

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...

5.8CVSS
Exploits0References1
NVD
NVD
added 2 hours ago6 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS
Exploits1References2
NVD
NVD
added 2 hours ago5 views

CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS
Exploits0References2
NVD
NVD
added 2 hours ago5 views

CVE-2026-10847

A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitatio...

7.8CVSS
Exploits0References1
NVD
NVD
added 3 hours ago4 views

CVE-2026-7852

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...

9.8CVSS
Exploits0References1
NVD
NVD
added 3 hours ago4 views

CVE-2026-48998

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

5.3CVSS
Exploits0References1
NVD
NVD
added 3 hours ago5 views

CVE-2026-49214

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...

5.3CVSS
Exploits0References1
NVD
NVD
added 3 hours ago3 views

CVE-2026-11956

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

6.3CVSS
Exploits0References6
Rows per page
Query Builder