Lucene search
K

1272 matches found

Nuclei
Nuclei
added 10 hours ago205 views

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS7AI score0.03757EPSS
Exploits1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-15497 SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS0.00394EPSS
Exploits0References5
CVE
CVE
added 2 days ago16 views

CVE-2026-15485

TRENDnet TEW-821DAP 1.11B03 contains a flaw in the DNS Lookup Handler (function sub_43F2C4 in /goform/tools_nslookup) that allows os command injection via manipulation of nslookup_target/dns_server. The vulnerability can be triggered remotely. The vendor notes these items are EOL; no current conf...

6.5CVSS6.5AI score0.0105EPSS
Exploits0References5
CVE
CVE
added 6 days ago14 views

CVE-2026-8800

CVE-2026-8800 concerns an Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). Affected software is MOVEit Transfer; impact involves unauthorized access across confidentiality, integrity, and availability (CVSS v3.1 base score 8.8, HIGH). Affected versions are MO...

8.8CVSS5.9AI score0.00196EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago11 views

CVE-2026-57243

During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...

6.1CVSS0.00107EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago4 views

WordPress picu plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by xwii in WordPress Plugin picu versions = 3.5.1...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42180

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56340

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue occurs when the application opens a PDF and JavaScript performs operations on the page and document. This causes page-related objects to lose synchronization, while t...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References6
NVD
NVD
added 2026/07/06 9:16 p.m.7 views

CVE-2026-21369

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...

5.3CVSS0.0006EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:9 p.m.5 views

EUVD-2026-41927

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...

5.3CVSS6AI score0.0006EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.6 views

CVE-2026-21369

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...

5.3CVSS6AI score0.0006EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55989

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto affected versions not specified Description Memory corruption occurs when handling flash commands. This issue is caused by the use of outdated LED count values following modifications made in userspace. Recommendations...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 4:9 p.m.3 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40895)

Summary IBM Security SOAR uses an older version of the follow-redirects component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.1 Vulnerability Details CVEID:CVE-2026-40895...

7.5CVSS7.1AI score0.00486EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-13957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to inject...

4.2CVSS6.2AI score0.00148EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 6:18 p.m.8 views

CVE-2026-53018

A flaw was found in the Linux kernel's f2fs filesystem. During garbage collection, a race condition can occur when a page is moved and updated, but the system attempts to read it again from an outdated location. This can trigger a kernel bug, leading to a system crash and a denial of service DoS....

5.8AI score0.00166EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-130 (ALASDOCKER-2026-130)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-130 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsi...

9.6CVSS7AI score0.00478EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.9 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-107 (ALASKERNEL-5.15-2026-107)

The version of kernel installed on the remote host is prior to 5.15.209-147.245. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-107 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch...

9.8CVSS6.6AI score0.00554EPSS
Exploits1References156
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51130

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A stored cross-site scripting issue exists due to the use of an outdated notebookjs library. While .ipynb previews are sanitized on the server side via the '/-/api/sanitize ipynb' endpoint,...

8.9CVSS5.8AI score0.00429EPSS
Exploits0References11
CVE
CVE
added 2026/06/12 2:27 a.m.20 views

CVE-2026-48613

Affects phpBB forums that were upgraded from versions prior to 3.3.8 and have not been updated to 3.3.11 or newer. The issue lies in the profile field migration process where user-supplied profile field data is not properly sanitized, allowing an SQL injection. The vulnerability enables execution...

5.9CVSS6.7AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder