Lucene search
K

1400 matches found

Nuclei
Nuclei
added 7 hours ago16 views

Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection

Team WordPress plugin = 5.0.11 contains a SQL injection caused by improper sanitization and escaping of a parameter in an AJAX action accessible to unauthenticated users, letting remote attackers execute arbitrary SQL commands. id: CVE-2025-14124 info: name: Team WordPress Plugin TLP Team = 5.0.9...

8.6CVSS6.3AI score0.0156EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago13 views

IBM BigFix Platform - Information Disclosure

IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...

5.3CVSS6.2AI score0.22547EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday7 views

Adobe ColdFusion - RDS Arbitrary File Write

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. The RDS FILEIO WRITE operation allows unauthenticated...

10CVSS7.5AI score0.28583EPSS
Exploits3References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in pipspeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1037d713fe94f92e9f1302a1c8fdfcd03ee290e1f2076e7c01cbd1305499e91 The package's advertised public entry point pipspeed.optimize GETs a JSON document from https://www.jsonkeeper.com/b/53XMN an anonymous, mutable past...

6.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in fastify-addone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b9e477cff478ab071039c18c3adb6577a07cc1d82687b9e7d7cd2594dc9ddf The package presents itself as fastify-plugin name fastify-addone, repository/homepage/bugs fields point at fastify/fastify-plugin and copies that...

6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-54753

A flaw was found in Nx, a monorepo solution for managing multiple projects. The local HTTP server, started by the nx graph command, incorrectly sent an Access-Control-Allow-Origin: header in its responses. This misconfiguration allows a remote attacker to read sensitive project information, such ...

5.9CVSS6.1AI score0.00812EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago9 views

Malicious code in next-locomotive-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a11400eaa7dd74b24610ec815438de047089be7005b94c37717fa2b6f916ab6 The package's declared postinstall script reads the installer's OS username via os.userInfo.username and the machine hostname via os.hostname, compos...

6.2AI score
Exploits0References5
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-58371

A flaw was found in SeaweedFS. This vulnerability allows a remote attacker to disclose sensitive information by exploiting an unvalidated JSONP JavaScript Object Notation with Padding callback parameter. The system reflects the callback parameter directly into responses without proper validation ...

3.1CVSS5.8AI score0.0021EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56195

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description UpdateCacheMiddleware and the cache page decorator cache responses that vary on cookies when the incoming request contains unrelated cookies. This behavior allows...

7.5CVSS6.2AI score0.62575EPSS
Exploits0References80
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40740

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00164EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:39 p.m.18 views

CVE-2026-14118

Chrome DevTools in Google Chrome suffers from insufficient data validation , allowing a remote attacker to leak cross-origin data if a user is coerced into specific UI gestures on a crafted HTML page. Affected versions are prior to 150.0.7871.47 . Mitigation: upgrade to 150.0.7871.47 or later. CV...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:39 p.m.18 views

CVE-2026-14071

CVE-2026-14071 describes a side-channel information leakage in WebAudio of Google Chrome, where a remote attacker could leak cross-origin data via a crafted HTML page. The vulnerability affects Chrome prior to version 150.0.7871.47. The available connected documents consistently indicate the issu...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:39 p.m.16 views

CVE-2026-14050

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-14050.

6.5CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.7 views

CVE-2026-13935

Side-channel information leakage in ComputePressure in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00299EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:38 p.m.20 views

CVE-2026-13892

CVE-2026-13892 concerns Chrome for iOS before version 150.0.7871.47, where an inappropriate implementation allowed a remote attacker who lured a user into specific UI gestures to leak cross-origin data via a crafted HTML page. The issue affects Chrome on iOS (Chromium-based) and has a Medium seve...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 7:50 p.m.15 views

CVE-2026-11595

CVE-2026-11595 affects IBM WebSphere Application Server 9.0 and 8.5. The IBM Security Bulletin describes a path traversal vulnerability in the administrative console’s integrated help system that could allow a remote attacker to obtain sensitive information. Affected products/versions include Web...

7.5CVSS5.8AI score0.00474EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 12:0 a.m.10 views

CVE-2026-37453

MSI Center’s NBFoundation Service (MSIAPService.exe) has CVE-2026-37453: an insecure named pipe (\.\pipe\MSI_SERVICE_2) exposed to all authenticated users that allows untrusted clients to perform arbitrary memory and I/O-port read/write via the WinIO wrapper. Root cause is unauthenticated access ...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 10:18 p.m.8 views

MAL-2026-6405 Malicious code in sypoi1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b22a9450e70ba1095097d2779ad6da01c111c37e940d890fbfc21d1aeb6a0f11 On require, index.js silently bootstraps a full Python runtime on the installer's machine — first via winget install -e --id Python.Python.3.12...

5.9AI score
Exploits0References4
NVD
NVD
added 2026/06/19 9:17 p.m.12 views

CVE-2026-50519

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00514EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: 9p: fixed a refcount leak in error handling of p9readwork. - p9reqput must be called when m-rreq-rc.sdata is NULL to avoid a temporary refcount leak. Dominique: made changes to the commit message, fixed arguments for...

5.5CVSS5.7AI score0.00159EPSS
Exploits0References2
Rows per page
Query Builder