Lucene search
K

3021 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-14749

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...

7.5CVSS6.8AI score
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-41755

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...

7.5CVSS5.8AI score
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-14722

TidGi-Desktop (tiddly-gittly) up to 0.13.0 is affected by a vulnerability in the Git Repository Import path, specifically src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts, enabling code injection. The issue is triggered by manipulation of the referenced function and is exploitable rem...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday28 views

Netsweeper 4.0.3 - Cross-Site Scripting

A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...

6.1CVSS6.5AI score0.03939EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-14691

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6Affected Software1
CVE
CVE
added yesterday11 views

CVE-2026-14691

CVE-2026-14691 affects SourceCodester Multi-Vendor Online Grocery Management System 1.0. The vulnerability resides in the function update_settings_info of the file classes/SystemSettings.php (Setting Handler). Manipulating the argument content[] enables code injection. The attack is described as ...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-41714

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References6
Nuclei
Nuclei
added 2 days ago34 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7.1AI score0.10695EPSS
Exploits0References5
NVD
NVD
added 6 days ago5 views

CVE-2026-14145

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS0.00154EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-54089

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input allows a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. This occurs when a user is convinced to...

4.7CVSS6.2AI score0.00184EPSS
Exploits0References5
NVD
NVD
added 2026/06/28 3:16 p.m.13 views

CVE-2026-13500

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS0.00311EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-13500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of...

7.5CVSS6.7AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.10 views

PT-2026-53111

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description An issue exists in the Grammar Action Block Handler component within the file tool/src/org/antlr/v4/codegen/model/OutputFile.java. A remote attacker can perform a manipulation that leads to code...

7.5CVSS7.5AI score0.00311EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 4:8 p.m.3 views

Security Bulletin: Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows

Summary Langflow OSS contains unauthenticated server-side RCE via PythonCodeStructuredTool executing attacker-controlled Python through exec at flow-build time. Sink in execself.toolcode, globals, localnamespace where toolcode is attacker-controlled template field. Two paths: A Authenticated POST...

10CVSS6AI score0.00314EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.12 views

CVE-2026-7388

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

5.8CVSS5.3AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS5.3AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10688

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5970

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

9.8CVSS6.9AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.8 views

CVE-2026-6603

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46731

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input allows a remote attacker to inject arbitrary scripts or HTML Universal Cross-Site Scripting - UXSS via a crafted QR code. This occurs...

9.6CVSS6.1AI score0.00985EPSS
Exploits0References433
Rows per page
Query Builder