Lucene search
K

414 matches found

ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-26307

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

6AI score0.00175EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Mozilla Thunderbird < 140.12.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-64 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content,...

6.5CVSS6.2AI score0.00203EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.31 views

CVE-2025-71341 picklescan - Remote Code Execution via Undetected profile.Profile.runctx

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS0.00466EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.10 views

Automated Logic WebCTRL Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-49460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2026-39559

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-27410

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 8:55 a.m.17 views

CVE-2026-41280

CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...

4.9CVSS5AI score0.00437EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/16 8:57 p.m.14 views

CVE-2026-39446

The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:56 p.m.15 views

CVE-2025-69105

Technical details (affected versions beyond Modernee

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.39 views

Langflow < 1.9.0 - Remote Code Execution

Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...

9.8CVSS6.7AI score0.98191EPSS
Exploits20References3
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.10 views

CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1

CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1. An upgraded version of the package is available that resolves this issue...

8.2CVSS5.2AI score0.00423EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.8 views

CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4

CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4. A patched version of the package is available...

8.5CVSS5.2AI score0.00175EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.8 views

CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4

CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4. A patched version of the package is available...

9.8CVSS5.2AI score0.00413EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/12 8:7 p.m.32 views

CVE-2026-54057 Kitty vulnerable to command injection via unsanitized OSC 21 query reply

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

7.3CVSS0.00166EPSS
Exploits1References1
NVD
NVD
added 2026/06/12 2:16 a.m.12 views

CVE-2026-45170

Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17...

8.8CVSS0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Nimiq 数据伪造问题漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 had a data manipulation vulnerability. This vulnerability stems from a logical flaw in the BlockInclusionProof::isblockproven function, causing it to return true without performing any...

5.9CVSS5.2AI score0.0015EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.8 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
Rows per page
Query Builder