Lucene search
K

699297 matches found

Nuclei
Nuclei
added yesterday92 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form i.e., the login parameter to users/registration. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1CVSS6.7AI score0.02273EPSS
Exploits0References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-43095

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday47 views

WP Helper Lite < 4.3 - Cross-Site Scripting

The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. id: CVE-2023-0448 info: name: WP Helper Lite 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | T...

6.1CVSS6.4AI score0.44513EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday12 views

Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. id: CVE-2024-0801 info: name: Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll author: daffainfo severity: high description: | A denial of service vulnerability exists i...

7.5CVSS7AI score0.41843EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday72 views

Cisco Unified IP Conference Station 7937G - Denial-of-Service

Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned...

7.8CVSS7AI score0.7977EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday74 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...

9CVSS7.2AI score0.75196EPSS
Exploits5References5
CVE
CVE
added 2 days ago6 views

CVE-2026-42952

CVE-2026-42952 concerns the Hydro-Québec Le Circuit Électrique charging-station backend. The issue is an improper restriction of excessive authentication attempts due to lack of throttling, which could enable a denial-of-service condition. Technical details in the connected records indicate an ex...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43043

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

6.1AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43034

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

6.1AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-41154

The CVE-2026-41154 entry describes a GPU DDK issue where software run as a non-privileged user can trigger out-of-bounds (OOB) kernel memory reads/writes via GPU API calls. The root cause is an incorrect buffer/index calculation in the page freeing logic for the sparse memory implementation when ...

6.1AI score0.00167EPSS
Exploits0References1
Circl
Circl
added 2 days ago5 views

CVE-2026-54063

creationtimestamp| type| source ---|---|--- 2026-07-10 20:35:19+00:00| published-proof-of-concept| https://github.com/qax-os/excelize/security/advisories/GHSA-h69g-9hx6-f3v4 2026-07-10 23:37:31+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdcwqstcx2s 2026-07-11 00:55:06+00:0...

7.5CVSS6.1AI score0.00575EPSS
Exploits0References4
Circl
Circl
added 2 days ago3 views

CVE-2026-54068

creationtimestamp| type| source ---|---|--- 2026-07-10 20:35:17+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gcm7-57gf-953c 2026-07-11 04:41:43+00:00| seen| https://gist.github.com/alon710/5b22d6c437eabc82b89ba6fa8ccee27d...

5.9CVSS6.1AI score0.00239EPSS
Exploits0References2
Circl
Circl
added 2 days ago3 views

CVE-2026-54071

creationtimestamp| type| source ---|---|--- 2026-07-10 20:35:04+00:00| published-proof-of-concept| https://github.com/funstory-ai/BabelDOC/security/advisories/GHSA-m8gf-v64p-gfmg...

6.1AI score
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS0.00452EPSS
Exploits0References4
NVD
NVD
added 2 days ago5 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS0.00522EPSS
Exploits0References6
Circl
Circl
added 2 days ago5 views

CVE-2026-54088

creationtimestamp| type| source ---|---|--- 2026-07-10 20:16:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqcxokhktk2v 2026-07-10 20:35:07+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-m93h-4hw7-5qcm 2026-07-11...

9.3CVSS6.1AI score0.00533EPSS
Exploits0References4
Circl
Circl
added 2 days ago5 views

CVE-2026-54089

creationtimestamp| type| source ---|---|--- 2026-07-10 20:16:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqcxoiwmmg2z 2026-07-10 20:35:14+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm 2026-07-11...

9.1CVSS6.1AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2 days ago5 views

CVE-2026-55233

OpenResty vulnerable versions: 1.29.2.1–1.29.2.4. A PROXY protocol v2 header construction in the stream patch can cause an out-of-bounds write, crashing the worker and causing a denial of service. This affects only configurations that enable PROXY protocol v2 for upstream connections. The issue i...

7.5CVSS6.1AI score0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43008

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
Rows per page
Query Builder