
853211 matches found

Packet Storm News
added 2026/12/29 12:0 a.m., 247 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8 AI score
Exploits: 0

GithubExploit
added 42 minutes ago, 4 views

iwaf-web-attack-detection

WAF Attack Detection — Machine Learning Classifier A machine...

5.8 AI score
Exploits: 0

Cvelist
added 43 minutes ago, 2 views

CVE-2026-14327 AR for WordPress <= 8.40 - Unauthenticated Arbitrary File Read via 'file' Parameter

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5 CVSS
Exploits: 0, References: 6

CVE
added 43 minutes ago, 3 views

CVE-2026-14327 AR for WordPress <= 8.40 - Unauthenticated Arbitrary File Read via 'file' Parameter

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 6

Fedora
added 1 hour ago, 2 views

[SECURITY] Fedora 43 Update: cpp-httplib-0.48.0-1.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to set up. Just include the httplib.h file in your code!...

9.9 CVSS, 6.7 AI score, 0.00632 EPSS
Exploits: 6

Fedora
added 1 hour ago, 2 views

[SECURITY] Fedora 44 Update: 7zip-26.02-1.fc44

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: high compression ratio in 7z format with LZMA and LZMA2 compression. Supported formats: packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM; unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

5.8 AI score
Exploits: 0

Fedora
added 1 hour ago, 2 views

[SECURITY] Fedora 44 Update: cpp-httplib-0.48.0-1.fc44

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to set up. Just include the httplib.h file in your code!...

9.9 CVSS, 7.1 AI score, 0.00632 EPSS
Exploits: 5

GithubExploit
added 1 hour ago, 4 views

Page-Builder-CK-Exploit

Page Builder CK — fonts.save RCE Probe BlackHat Team proo...

5.9 AI score
Exploits: 0

EUVD
added 1 hour ago, 3 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 4

BDU FSTEC
added 1 hour ago, 7 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5 CVSS, 6.1 AI score
Exploits: 0, Affected Software: 1

NVD
added 1 hour ago, 4 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9 CVSS
Exploits: 0, References: 3

Cvelist
added yesterday, 7 views

CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9 CVSS
Exploits: 0, References: 3

CVE
added yesterday, 8 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 3

F5 Networks
added yesterday, 1 view

K000161886: NPM CLI vulnerabilities CVE-2019-16775, CVE-2019-16776, and CVE-2019-16777

Security Advisory Description: CVE-2019-16775: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the...

8.1 CVSS, 5.9 AI score, 0.03342 EPSS
Exploits: 0, Affected Software: 12

Cvelist
added yesterday, 9 views

CVE-2026-13054 WatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UI

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1...

8.6 CVSS
Exploits: 0, References: 1

NVD
added yesterday, 4 views

CVE-2026-52830

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4 CVSS
Exploits: 0, References: 2

Github Security Blog
added yesterday, 3 views

Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB

Impact: Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API. When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and...

5.9 AI score
Exploits: 0, References: 3, Affected Software: 1

OSV
added yesterday, 2 views

GHSA-RH62-J648-G5QC Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB

Impact: Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API. When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and...

7.8 CVSS, 5.9 AI score
Exploits: 0, References: 3

Github Security Blog
added yesterday, 3 views

9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass

Summary: 9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...

5.8 AI score, 0.0019 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added yesterday, 2 views

GHSA-JPHH-M39H-6GWX 9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass

Summary: 9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...

9.8 CVSS, 5.8 AI score, 0.0019 EPSS
Exploits: 0, References: 2