Lucene search
K

4392 matches found

Nuclei
Nuclei
added 5 hours ago56 views

Joomla! Agora 3.0.0b - Local File Inclusion

Joomla! Agora 3.0.0b comagora allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. id: CVE-2009-3053 info: name: Joomla! Agora 3.0.0b - Local File Inclusion author: daffainfo severit...

6.8CVSS6.3AI score0.05925EPSS
Exploits1References5
Nuclei
Nuclei
added 5 hours ago103 views

Ghost CMS <=4.32 - Cross-Site Scripting

Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code. id: CVE-2021-29484 info: name: Ghost CMS =4.32 - Cross-Site...

6.8CVSS6.6AI score0.07935EPSS
Exploits1References7
Nuclei
Nuclei
added 5 hours ago79 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS7.2AI score0.87688EPSS
Exploits2References5
Nuclei
Nuclei
added 5 hours ago51 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

5.4CVSS6.3AI score0.00929EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 6:59 p.m.3 views

MAL-2026-6895 Malicious code in ts-bigtn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:54 p.m.5 views

Malicious code in df-vision (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f31f7bc1ea70d57f022adc0005cee3e7e6190a458d9bc57a84b1c2966979db7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/01 2:16 p.m.3 views

UBUNTU-CVE-2026-53331

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on txlock/ctrl-lock During the SSR/PDR down notification the txlock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcomslimngddown is...

5.8AI score0.00172EPSS
Exploits0References10
OSV
OSV
added 2026/06/26 6:47 p.m.3 views

GHSA-CCJC-4QC3-JXQC Incus has an arbitrary file write via path traversal in S3 multipart upload

Summary The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution. In internal/server/storage/s3/local/multipart.go, user-controlled upload ID is appended to the uploads directory...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 4:16 p.m.10 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory...

8.1CVSS5.9AI score0.00476EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Since Python-Markdown does not catch this exception, any application that processes Markdown controlled by...

8.2CVSS5.8AI score0.00566EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/19 8:46 p.m.5 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature...

8.9CVSS6AI score0.0015EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:28 p.m.6 views

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 10:54 a.m.19 views

CVE-2026-46847

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Runtime Tools. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCent...

9.9CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.12 views

CVE-2026-35307

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

10CVSS0.00474EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.10 views

Malicious code in @mastra/temporal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 214be711b41a8883e3252f0e9e41bc902d62da7650334b2efdc7424194989101 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/15 5:6 a.m.178 views

Exploit for CVE-2026-10795

CVE Lab: CVE-2026-10795 - UpdraftPlus UpdraftCentral RPC Authe...

8.1CVSS6.6AI score0.03578EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2026/06/10 7:50 a.m.13 views

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8CVSS5.9AI score0.00553EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-50 and 7.1.2-25 contained a resource management vulnerability. This vulnerability stemmed from...

5.9CVSS5.3AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 2:17 p.m.13 views

MAL-2026-5376 Malicious code in @doaction/rrweb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6efd52baa69926a32dbac2a3c5eb53c361935e9a3386d2893bf2d7506ab4dfea @doaction/[email protected] is a dependency-confusion / namespace-impersonation package targeting the rrweb session-recording SDK ecosystem. The...

5.6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/08 7:50 p.m.11 views

CVE-2026-46287

A flaw was found in the Linux kernel's txgbe network driver. When removing a module for a copper Network Interface Card NIC with an external physical layer PHY, the driver failed to acquire the necessary RTNL Routing Netlink lock before disconnecting the PHY. This oversight can lead to an RTNL...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References4
Rows per page
Query Builder