Lucene search
K

9365 matches found

ATTACKERKB
ATTACKERKB
added 14 hours ago6 views

CVE-2025-8412

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 14 hours ago9 views

CVE-2025-8412 VMDP: Potential buffer overflow in the RtlQueryRegistryValues function

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS
Exploits0References1
EUVD
EUVD
added 14 hours ago5 views

EUVD-2025-210459

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 15 hours ago63 views

Cryptocurrency Widgets Pack <= 1.8.1 - SQL Injection

Cryptocurrency Widgets Pack Plugin =1.8.1 for WordPress contains an unauthenticated SQL injection caused by unsanitized user input in database queries, letting attackers execute arbitrary SQL commands, exploit requires no authentication. id: CVE-2022-44588 info: name: Cryptocurrency Widgets Pack ...

9.9CVSS7.2AI score0.02268EPSS
Exploits0References2
Nuclei
Nuclei
added 15 hours ago8 views

News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion

The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data. id: CVE-2023-5815...

9.8CVSS7.5AI score0.04262EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 21 hours ago4 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability (CVE-2026-11714)

Summary IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details CVEID:CVE-2026-11714 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-sid...

9.8CVSS6.1AI score0.00203EPSS
Exploits0Affected Software1
NVD
NVD
added yesterday8 views

CVE-2026-57432

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

8.4CVSS
Exploits0References3
OSV
OSV
added yesterday3 views

CVE-2026-57432 Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

8.4CVSS6.2AI score
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-57432

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

8.4CVSS6.2AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added yesterday33 views

CVE-2026-57432 Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

Exploits0References2
Nuclei
Nuclei
added yesterday27 views

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

6.1CVSS6.6AI score0.87301EPSS
Exploits1References2
NVD
NVD
added 3 days ago7 views

CVE-2026-15010

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS0.00208EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43165

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS6.2AI score0.00208EPSS
Exploits0References4
CVE
CVE
added 3 days ago16 views

CVE-2026-15010

The CVE-2026-15010 entry concerns the bbp Style Pack plugin for WordPress, vulnerable to Stored Cross-Site Scripting (XSS) in versions up to and including 6.4.5 via the Topic Form Additional Fields feature. Root causes are insufficient input sanitization in bsp_topic_fields_form_save(), which wri...

6.4CVSS6.2AI score0.00208EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-15010 bbp style pack <= 6.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Topic Form Additional Fields

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS0.00208EPSS
Exploits0References4
Metasploit
Metasploit
added 4 days ago23 views

FTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline

Fetch and execute an x86 payload from an FTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x86/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago18 views

FTP Fetch, Windows Meterpreter Shell, Reverse HTTPS Inline (x64)

Fetch and execute an x64 payload from an FTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago21 views

FTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline (x64)

Fetch and execute an x64 payload from an FTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x64/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 4 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.28-1.1.hum1 aarch64, x8664...

7.5CVSS6.1AI score0.00354EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in testudo-pack (npm)

The npm package testudo-pack is byte-for-byte identical verified via diff to testis-pack from the same npm publisher ioa2102 [email protected], differing only in its install hook: postinstall: node index.js instead of preinstall. It presents itself as a small binary packing/checksum...

6.2AI score
Exploits0References2
Rows per page
Query Builder