Lucene search
K

67192 matches found

CVE
CVE
added yesterday17 views

CVE-2026-46637

CVE-2026-46637 concerns Twig (PHP template engine). Before 3.26.0, the filters in twig/markdown-extra (html_to_markdown, markdown_to_html) and twig/cssinliner-extra (inline_css) were registered with is_safe => [all], causing their output to be treated as safe in contexts where escaping is requ...

5.1CVSS6.1AI score0.0006EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in cosmos-gradio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bf1266e0846a392e9aaa6805756d26dc427a04415e8a422d53ffce7a1a0c2e2 cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-versi...

6.3AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-15643

CVE-2026-15643 concerns AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) prior to 0.0.14. A server-side request forgery in the pagination handling component can be exploited by a remote authenticated user to exfiltrate AWS temporary security credentials to an attacker-controlled endpoint...

9.2CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added yesterday11 views

EUVD-2026-37897

Woodpecker gRPC agentid metadata can be spoofed- cross-tenant agent impersonation...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday21 views

CVE-2026-5040 Weak Password Hashing Mechanism in TP-Link Deco M5

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday15 views

CVE-2026-50489 Win32k Elevation of Privilege Vulnerability

...

8.8CVSS
Exploits0References1
Microsoft KB
Microsoft KB
added yesterday38 views

May 12, 2026-KB5087053 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H2 and Windows 10 Version 22H2

None None...

7.8CVSS7AI score0.00662EPSS
Exploits0
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15389 Inadequate access control in Sesame Time session management

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43655

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS6.2AI score0.0062EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-58319 Apache Doris: Improper Authentication in Frontend HTTP API

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

0.00255EPSS
Exploits0References1
CVE
CVE
added yesterday20 views

CVE-2026-56451

Opcenter X (all versions

10CVSS6.1AI score0.00384EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43646

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday76 views

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure

A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...

8.7CVSS6.1AI score0.03692EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday8 views

LatePoint <= 5.0.11 - SQL Injection

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.8CVSS6.1AI score0.02823EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday64 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS6.1AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday31 views

FortiOS - Insecure LDAP Configuration Detection

The FortiGate LDAP configuration was detected to be insecure due to missing ca-cert, secure LDAPS, or server-identity-check, potentially exposing LDAP communications to credential interception or man-in-the-middle attacks under specific network conditions. id: CVE-2019-5591 info: name: FortiOS -...

6.5CVSS6.8AI score0.18566EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday18 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...

5.3CVSS6.3AI score0.06263EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday18 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS6.1AI score0.02663EPSS
Exploits3References1
Nuclei
Nuclei
added yesterday10 views

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

7.5CVSS7AI score0.02169EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday12 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

6.1CVSS7AI score0.00578EPSS
Exploits1References1
Rows per page
Query Builder