Lucene search
K

19594 matches found

Nuclei
Nuclei
added 14 hours ago39 views

Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...

7.5CVSS7.1AI score0.08348EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago118 views

Umbraco <7.4.0- Server-Side Request Forgery

Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco 7.4.0- Server-Side Request...

8.2CVSS7.1AI score0.11595EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago68 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7AI score0.02572EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago24 views

LaRecipe < 2.8.1 Remote Code Execution via SSTI

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection SSTI, which could potentially lead to Remote Code Execution RCE in vulnerable configurations. id: CVE-2025-53833 info:...

10CVSS6.2AI score0.09357EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago86 views

Processwire CMS <2.7.1 - Local File Inclusion

Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...

7.8CVSS7AI score0.15737EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago74 views

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...

4.3CVSS6.7AI score0.02569EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago171 views

FlatPress 1.2.1 - Stored Cross-Site Scripting

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...

5.4CVSS6.3AI score0.01675EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago57 views

LionWiki <3.2.12 - Local File Inclusion

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion. id: CVE-2020-27191 info: name: LionWiki 3.2.12 - Local File Inclusion author: 0xAkoko severity: high description: LionWiki before...

7.5CVSS7AI score0.08361EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday63 views

DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...

8.6CVSS7.1AI score0.30628EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday35 views

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

9.8CVSS6.1AI score0.43192EPSS
Exploits2References2
NVD
NVD
added yesterday7 views

CVE-2026-15551

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS0.00081EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43257

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday34 views

CVE-2026-15551 Samsung rlottie: Numeric truncation in gray_hline() leads to heap-based buffer overflow when rendering a crafted Lottie animation at native canvas size

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS0.00081EPSS
Exploits0References1
OSV
OSV
added yesterday3 views

UBUNTU-CVE-2026-15551

Integer overflow or wraparound vulnerability in Samsung Open Source rl...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References2
Fedora
Fedora
added 2 days ago11 views

[SECURITY] Fedora 43 Update: chromium-150.0.7871.114-1.fc43

Chromium is an open-source web browser, powered by WebKit Blink...

9.6CVSS6.1AI score0.00306EPSS
Exploits1
Fedora
Fedora
added 2 days ago7 views

[SECURITY] Fedora 43 Update: tmux-3.7b-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS6.1AI score0.00124EPSS
Exploits0
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42977

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS6.1AI score0.00286EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42924

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42652

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

4.9CVSS6.4AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-43752

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

0.00289EPSS
Exploits0References1
Rows per page
Query Builder