Lucene search
+L

2998 matches found

Nuclei
Nuclei
added 14 hours ago147 views

Oracle Business Intelligence - Path Traversal

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...

4.9CVSS5.8AI score0.37099EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago196 views

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...

7.2CVSS7.3AI score0.05238EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago76 views

WordPress GN Publisher <1.5.6 - Cross-Site Scripting

WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

6.1CVSS6.6AI score0.0126EPSS
Exploits3References5
NVD
NVD
added 3 days ago9 views

CVE-2026-55399

CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...

5.1CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-55399 Resource exhaustion vulnerability in the Secure Access publisher

CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...

5.1CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44805

CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...

5.1CVSS6.1AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-55399

CVE-2026-55399 affects the Secure Access publisher prior to version 14.55. It is a resource-exhaustion vulnerability where attackers with valid credentials to the Secure Access tunnel can trigger a non-persistent DoS against the publisher. CVSS v4.0 base score is 5.1 (Medium), with network attack...

5.1CVSS6.1AI score0.00217EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60299

Name of the Vulnerable Software and Affected Versions Secure Access publisher versions prior to 14.55 Description A resource exhaustion issue exists in the Secure Access publisher. Attackers possessing valid credentials for the Secure Access tunnel can trigger a non-persistent Denial of Service...

5.1CVSS6.1AI score0.00217EPSS
Exploits0References5
CVE
CVE
added 4 days ago19 views

CVE-2026-13001

Affected software : Podlove Podcast Publisher for WordPress. Vulnerability : arbitrary file uploads caused by missing file type validation in the podlove_handle_cache_files function, affecting all versions up to and including 4.5.1. Impact : unauthenticated attackers could upload arbitrary files ...

9.8CVSS6.5AI score0.01079EPSS
Exploits3References4
OSV
OSV
added 4 days ago6 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-58720

Name of the Vulnerable Software and Affected Versions Podlove Podcast Publisher versions prior to 4.5.2 Description Missing file type validation in the podlove handle cache files function allows unauthenticated attackers to upload arbitrary files to the server. This flaw in the image cache can le...

9.8CVSS6.4AI score0.01079EPSS
Exploits3References7
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago13 views

Malicious code in auto-debug-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dd31c11b5149d8dd2142c81cc066576dc799ba4dae4599a9569cb56256417ec package.json declares a postinstall hook node install.js that fires automatically on npm install. On Windows, install.js invokes hidden PowerShell -N...

6.1AI score
Exploits0References4
EUVD
EUVD
added 2026/07/01 11:28 a.m.10 views

EUVD-2026-40945

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score0.0019EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54628

Name of the Vulnerable Software and Affected Versions Open VSX Registry versions prior to 1.0.2 Description The '/vscode/unpkg/' endpoint serves user-supplied HTML files with a text/html Content-Type and lacks a Content-Security-Policy or Content-Disposition: attachment response header. This allo...

8.7CVSS5.9AI score0.0019EPSS
Exploits1References6
Schneier on Security
Schneier on Security
added 2026/06/25 5:3 p.m.13 views

AI and Liability

Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like "users can check for themselves," and that they generally know "that information generated with AI should not be blindly trusted," the court held that the AI's summaries are...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/17 4:41 a.m.9 views

MAL-2026-5992 Malicious code in runtime-metrics-w7k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...

5.4AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/15 11:7 a.m.28 views

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program PUP family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins.com,...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/11 4:9 p.m.11 views

Google can be liable for false AI Overviews, court rules

A German court has ruled that Google can be held directly responsible for defamatory claims produced by its AI Overviews. Basically, the court said that telling people they should double-check AI search results is not enough to deny liability for what those results say. This kind of warning may n...

5.4AI score
Exploits0
OSV
OSV
added 2026/06/09 5:25 p.m.11 views

MAL-2026-5432 Malicious code in @webda-features/dashboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3698e6d2d9b93092104883c8f7e4ffcd602d31d3fd3ae2574850ea6ad15e8437 The package is an empty wrapper index.js contains only module.exports = ; whose sole effect on install is to resolve a single dependency declared as ...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:18 p.m.24 views

MAL-2026-5430 Malicious code in @sourceflow-uk/sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5bcccc37c380ce54f5bfc2bc2311fbefb6ebc3400a397cbc4afc2188fb3c11d package.json declares a dependency ltidisafe whose version specifier is the raw URL https://storage.googleapis.com/lscunpentest/packuxfoundry.tgz — a...

5.5AI score
Exploits0References1
Rows per page
Query Builder