Lucene search
K

38568 matches found

Circl
Circl
added yesterday3 views

CVE-2026-55944

creationtimestamp| type| source ---|---|--- 2026-07-14 21:08:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqn4ha43uo2z 2026-07-14 22:02:11+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:01:43+00:00| seen|...

9.8CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-55010

creationtimestamp| type| source ---|---|--- 2026-07-14 21:06:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqn4dmzkrj2q 2026-07-14 22:02:06+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-14 23:00:35+00:00| exploited|...

9.8CVSS6.1AI score
Exploits0References3
Circl
Circl
added yesterday5 views

CVE-2026-58617

creationtimestamp| type| source ---|---|--- 2026-07-14 20:42:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqn2yvy7q72t 2026-07-14 22:02:40+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:02:12+00:00| seen|...

8.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2CVSS
Exploits1References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

Exploits1References1
CVE
CVE
added yesterday13 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2CVSS7.2AI score
In wildExploits1References2
CVE
CVE
added yesterday6 views

CVE-2026-62656

The CVE-2026-62656 entry concerns post-authenticated command injection affecting certain NETGEAR RAX models. A logged-in user can send specially crafted requests to the router to run unauthorized commands, enabling changes to the router and impacting security/operation. The vulnerability targets ...

6.8CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-62658

NETGEAR Nighthawk RAX series routers (RAX45, RAX43, RAX50, RAX54sv2) are affected by CVE-2026-62658, a post-authentication vulnerability that could allow a logged-in user to execute arbitrary commands or code on the device. The CVSS 4.0 base score is 5.7 (MEDIUM) with high integrity impact and ad...

5.7CVSS6.2AI score
Exploits0References4
Circl
Circl
added yesterday3 views

CVE-2026-58476

creationtimestamp| type| source ---|---|--- 2026-07-14 16:42:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqmnn6ps442w...

8.1CVSS6.1AI score
Exploits2References1
Circl
Circl
added yesterday3 views

CVE-2026-14903

creationtimestamp| type| source ---|---|--- 2026-07-14 15:49:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqmkoeal2u2x 2026-07-14 21:19:56+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-696...

7.7CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-14902

creationtimestamp| type| source ---|---|--- 2026-07-14 15:48:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqmkl6x6la25 2026-07-14 21:19:53+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-696...

4CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-12511

creationtimestamp| type| source ---|---|--- 2026-07-14 09:27:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqlvdarid52e 2026-07-15 00:00:32+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqng3cfyza2o...

8.1CVSS6.1AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday13 views

CVE-2026-59674 LPE from suricata user to root due to chown in %post in suricata packaging

A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed suricata package allows the suricata user to escalate to root. This issue affects openSUSE Tumbleweed: from ? before 8.0.5-2.1; openSUSE Tumbleweed: from ? before 8.0.5-2.1...

8.5CVSS0.00129EPSS
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-59674

CVE-2026-59674 affects openSUSE Tumbleweed surfacing a local privilege escalation in suricata packaging due to a symlink follow vulnerability in the post-install script. Connected details indicate the issue involves the libsuricata8 package (version 8.0.5-2.1 and earlier) and is fixed in 8.0.5-2....

8.5CVSS6.1AI score0.00129EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday205 views

mooSocial 3.1.8 - External Service Interaction

mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function. id: CVE-2023-43323 info: name: mooSocial 3.1.8 - External Service Interaction author: ritikchaddha severity: medium description: | mooSocial 3.1.8 is vulnerable to external service...

6.5CVSS6.6AI score0.0186EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday13 views

WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting

The Post Timeline WordPress plugin before version 2.2.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape an invalid nonce before outputting it back in an AJAX response, which could allow attackers to execute arbitrary JavaScript code in an...

6.1CVSS7AI score0.00709EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday122 views

PowerJob <=4.3.2 - Unauthenticated Access

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...

5.3CVSS6.2AI score0.09545EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday44 views

Mlflow - Cross-Site Scripting

The vulnerability allows an attacker to inject malicious code into the Content-Type header of a POST request, which is then reflected back to the user without proper sanitization or escaping. id: CVE-2023-6568 info: name: Mlflow - Cross-Site Scripting author: ritikchaddha severity: medium...

6.5CVSS6.6AI score0.01649EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday95 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.7AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday16 views

GiveWP - Missing Authorization to Settings Update

GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication. id: CVE-2020-20627 info: name...

5.3CVSS6.2AI score0.01881EPSS
Exploits0References4
Rows per page
Query Builder