Lucene search
K

17153 matches found

Nuclei
Nuclei
added 18 hours ago80 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS6.9AI score0.11468EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago9 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS6.1AI score0.34734EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 22 hours ago5 views

Malicious code in dotnet-runtime-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c10c75766303f8c3bf261487e341e537f103116026309006ab71d977aacdd235 The package's postinstall lifecycle script package.json line 7: "postinstall": "node install.js" runs install.js, which on Windows writes a PowerShel...

6.2AI score
Exploits0References3
Fedora
Fedora
added yesterday8 views

[SECURITY] Fedora 43 Update: libXfont2-2.0.8-1.fc43

X.Org X11 libXfont2 runtime library...

8.8CVSS6.1AI score0.00643EPSS
Exploits0
NVD
NVD
added 2 days ago7 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago21 views

Oracle E-Business Suite - Server-Side Request Forgery

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. id:...

7.5CVSS7AI score0.97788EPSS
Exploits6References5
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57442

Name of the Vulnerable Software and Affected Versions Grav Admin2 plugin versions prior to 2.0.4 Description The plugin embeds a global JavaScript variable window. GRAV CONFIG in the Admin2 SPA bootstrap page at the '/grav/admin' endpoint and its subroutes. This object is returned in every...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References7
NVD
NVD
added 3 days ago8 views

CVE-2026-14480

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS0.00616EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-54063

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.00575EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-54063 Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.00575EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42937

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score0.00524EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.28-1.1.hum1 aarch64, x8664...

8.7CVSS6.1AI score0.00409EPSS
Exploits2References8
Fedora
Fedora
added 3 days ago6 views

[SECURITY] Fedora 44 Update: libXfont2-2.0.8-1.fc44

X.Org X11 libXfont2 runtime library...

8.8CVSS5.9AI score0.00643EPSS
Exploits0
RedHat Linux
RedHat Linux
added 4 days ago6 views

Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code

A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...

8.7CVSS6AI score0.00656EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: IBM i is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007]

Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to partial denial-of-service DoS CVE-2026-22021, CVE-2026-22018 and unauthorized access to data CVE-2026-22016, CVE-2026-22013,...

7.5CVSS6.4AI score0.00702EPSS
Exploits0Affected Software5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56921

Name of the Vulnerable Software and Affected Versions OpenPLC Runtime version 3 Description An authenticated arbitrary file write exists in the legacy web UI program-upload workflow. The application stores an attacker-supplied filename prog file into the Programs.File database field and uses this...

9.9CVSS6.5AI score0.00616EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause...

7.5CVSS6.1AI score0.00345EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago4 views

Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code

A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...

8.7CVSS6AI score0.00656EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42300

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

5.3CVSS6AI score0.00358EPSS
Exploits1References3
Rows per page
Query Builder