Lucene search
K

7101 matches found

Nuclei
Nuclei
added yesterday50 views

Joomla! Component com_jresearch - 'Controller' Local File Inclusion

A directory traversal vulnerability in jresearch.php in the J!Research comjresearch component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1340 info: name: Joomla! Component comjresearch - 'Controller' Local Fi...

5CVSS6.2AI score0.13621EPSS
Exploits1References4
OSV
OSV
added 2026/07/07 11:45 a.m.3 views

PYSEC-2026-1516 Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever

A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...

4.8CVSS6.7AI score0.00691EPSS
Exploits1References8
The Hacker News
The Hacker News
added 2026/07/07 9:10 a.m.11 views

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in...

9.3CVSS8.2AI score0.84446EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-55983

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/06/27 12:19 p.m.17 views

OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards

OpenAI on Friday released three versions of GPT-5.6 , called Sol, Terra, and Luna , as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficien...

5.9AI score
Exploits0
OSV
OSV
added 2026/06/25 9:54 p.m.4 views

GHSA-Q62C-H75R-2XHC ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition

A missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. Credit Aisle Research Ze Sheng, Dmitrijs Trizna, Luigino Camastra, Guido Vranken...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-51818

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description Envoy can translate a downstream HTTP/3 request that is complete at the transport layer but contains a...

7.5CVSS5.7AI score0.00298EPSS
Exploits1References20
Circl
Circl
added 2026/06/23 2:34 p.m.5 views

CVE-2026-55555

creationtimestamp| type| source ---|---|--- 2026-06-23 14:34:07+00:00| published-proof-of-concept| https://hakaisecurity.io/explorando-geradores-de-pdf-0-days-em-90-milhoes-de-alvos-por-mes/research-blog 2026-06-23 14:34:07+00:00| published-proof-of-concept|...

5.8AI score
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/16 6:24 a.m.125 views

Exploit for CVE-2026-20262

cve-id ⚡ Simple Usage Use this project only in safe and...

8.7CVSS8.6AI score0.07683EPSS
Exploits15
The Hacker News
The Hacker News
added 2026/06/15 7:44 p.m.22 views

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the...

5.6AI score
Exploits0
NVD
NVD
added 2026/06/15 2:16 a.m.16 views

CVE-2026-12203

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS0.00402EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/15 1:0 a.m.40 views

CVE-2026-12203 HKUDS AI-Trader Research Export agents.csv information disclosure

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS0.00402EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/15 1:0 a.m.15 views

EUVD-2026-36678

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS5.4AI score0.00402EPSS
Exploits0References9
CVE
CVE
added 2026/06/15 1:0 a.m.33 views

CVE-2026-12203

HKUDS AI-Trader (up to commit 74caf996f78dcc0c657df8365c8544678a16e215) contains an information disclosure vulnerability in the Research Export component, affecting an unknown part of the /api/research/agents.csv endpoint. Manipulation of that endpoint can disclose information and is exploitable ...

6.9CVSS5.4AI score0.00402EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49164

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS5AI score0.00402EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49342

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.10.0 Description The Shareable Playground feature, also known as Public Flows, allows unauthenticated users to execute workflows via a public link. A flaw in this feature enables arbitrary file reading depending on...

6.1CVSS6.1AI score0.00269EPSS
Exploits1References9
Packet Storm
Packet Storm
added 2026/06/15 12:0 a.m.82 views

📄 FreeType SHZ 2.14.3 Heap Buffer Overflow

This Python proof of concept framework is designed for security research into a reported heap buffer overflow condition affecting the FreeType TrueType bytecode interpreter. The code constructs specially crafted font structures intended to exercise the SHZ instruction path, generates malformed...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 7:30 a.m.20 views

Malicious code in npm-sandbox-research-9c4e (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24c86d7d2179375f642423fc8c38f58f5740b543bacab149ba8d4cbdcd7dc4cf On install, package.json runs node run.js via a postinstall lifecycle hook. The package ships beacon scripts beacon9.js, beaconlinux.js that import...

5.9AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.26 views

DIG: Oracle-Guided Directed Input Generation for One-Day Vulnerabilities

One-day vulnerabilities pose significant risks due to delayed or incomplete patch adoption. Generating proof-of-concept PoC inputs is therefore essential for assessing real-world impact. The key challenge is identifying necessary constraints for triggering the vulnerability and solving them...

5.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.54 views

📄 Drupal core 10.5.5 JSON:API PostgreSQL Error-Based SQL Injection

This code demonstrates a research-oriented implementation targeting a reported SQL injection condition in Drupal JSON:API endpoints backed by PostgreSQL. ================================================================================================================================== | Title :...

9.8CVSS6.1AI score0.84631EPSS
Exploits14
Rows per page
Query Builder