Lucene search
K

451358 matches found

Cvelist
Cvelist
added 19 minutes ago2 views

CVE-2026-15475 MiniTool Partition Wizard Signed Kernel Driver pwdrvio.sys access control

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS
Exploits0References6
CVE
CVE
added 19 minutes ago2 views

CVE-2026-15475 MiniTool Partition Wizard Signed Kernel Driver pwdrvio.sys access control

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
added 1 hour ago2 views

CVE-2026-15473 Eleveo Call Recording Software Recorded Calls restoreCallAction.do improper authorization

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. T...

6.5CVSS
Exploits0References5
CVE
CVE
added 1 hour ago2 views

CVE-2026-15473 Eleveo Call Recording Software Recorded Calls restoreCallAction.do improper authorization

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. T...

6.5CVSS
Exploits0References5
The Hacker News
The Hacker News
added yesterday7 views

Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan Police, the compromised assets includ...

6.1AI score
Exploits0
NVD
NVD
added yesterday7 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-43184

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday12 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS
Exploits0References2
CVE
CVE
added yesterday15 views

CVE-2026-61454

CVE-2026-61454 affects Grav's Admin2 plugin prior to 2.0.4. The vulnerability arises from embedding a global JavaScript variable, window.GRAV_CONFIG , in the Admin2 SPA bootstrap page at /grav/admin and subroutes. This object is returned in every unauthenticated response and exposes server URL, A...

8.7CVSS6.1AI score
Exploits0References2
GithubExploit
GithubExploit
added yesterday28 views

Exploit for Code Injection in Ejs

CVE-2022-29078 | EJS SSTI → RCE 화이트햇 스쿨 4기 32반 - 우상범 @t...

9.8CVSS6.7AI score0.32386EPSS
Exploits6
GithubExploit
GithubExploit
added yesterday31 views

tetragon-lab

How it works This poc use copyfail exploit to overwrite page-...

7.8CVSS7AI score0.96267EPSS
Exploits230
Rockylinux
Rockylinux
added yesterday4 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

8.8CVSS6.6AI score0.00176EPSS
Exploits3
Rockylinux
Rockylinux
added yesterday5 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.3CVSS6.7AI score0.0053EPSS
Exploits1
GithubExploit
GithubExploit
added yesterday36 views

mcp-atlassian-poc

mcp-atlassian-poc Proof of concept for an arbitrary file read...

6.2AI score
Exploits0
NVD
NVD
added yesterday6 views

CVE-2026-15010

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS0.00208EPSS
Exploits0References4
NVD
NVD
added yesterday6 views

CVE-2026-1382

The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00193EPSS
Exploits0References4
NVD
NVD
added yesterday7 views

CVE-2026-6939

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approvalcode' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS0.00273EPSS
Exploits0References11
NVD
NVD
added yesterday5 views

CVE-2026-11591

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
NVD
NVD
added yesterday6 views

CVE-2026-12126

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0021EPSS
Exploits0References8
NVD
NVD
added yesterday6 views

CVE-2026-12103

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00267EPSS
Exploits0References10
Rows per page
Query Builder