Lucene search
K

4528 matches found

EUVD
EUVD
added yesterday10 views

EUVD-2026-22188

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday42 views

OsTicket < 1.14.3 - Server Side Request Forgery

SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...

9.8CVSS7.2AI score0.73267EPSS
Exploits3References2
Cvelist
Cvelist
added 4 days ago38 views

CVE-2025-71375 picklescan - Undetected Remote Code Execution via _operator.methodcaller

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS0.00365EPSS
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2025-71375

The CVE-2025-71375 issue affects the Python package picklescan (prior to 0.0.34) and stems from failure to detect the built-in function _operator.methodcaller when scanning pickle files for malicious code. This oversight allows attackers to craft pickle payloads that evade detection and can lead ...

8.1CVSS6.3AI score0.00365EPSS
Exploits0References2
Nuclei
Nuclei
added 5 days ago88 views

SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery

SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...

5.3CVSS6.7AI score0.61736EPSS
Exploits3References5
SUSE CVE
SUSE CVE
added 5 days ago6 views

SUSE CVE-2026-20213

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

7.5CVSS7.3AI score0.00463EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week26 views

CVE-2026-20216

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added last week3 views

CVE-2026-20213

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

7.5CVSS6AI score0.00463EPSS
Exploits0
Cisco
Cisco
added last week11 views

ClamAV Vulnerabilities Affecting Cisco Products: July 2026

Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service DoS condition, interrupting scanning operations. For more information about these vulnerabilities, see the Details "details" section of this advisory. For additional information on these vulnerabilities ...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References1
CVE
CVE
added last week23 views

CVE-2026-6684

CVE-2026-6684 affects FatFs prior to R0.16 when GPT scanning is used with FF_LBA64 = 1. The issue stems from an unbounded loop count derived from the GPT header field GPTH_PtNum, leading to extremely long or effectively infinite mount-time scans (CWE-835: Loop with Unreachable Exit Condition). Af...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References4Affected Software1
OSV
OSV
added last week4 views

MAL-2026-6722 Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54705

Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description A flaw in the 7z file format parser allows an unauthenticated remote attacker to cause a Denial of Service DoS condition. The issue stems from improper boundary checks for content in 7z files...

7.8CVSS7.3AI score0.00389EPSS
Exploits0References13
NVD
NVD
added 2026/06/30 11:16 p.m.4 views

CVE-2025-71352

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS0.00637EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/26 4:23 p.m.7 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.0017EPSS
Exploits1
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS0.00204EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53258

In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-intscanreq is leaked if cfg80211scan fails. Note that it's supposed to be released at cfg80211scandone but this doesn't happen as rdev-scanreq is NULL at that point, too, leading ...

2CVSS5.7AI score0.00161EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53258

In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-intscanreq is leaked if cfg80211scan fails. Note that it's supposed to be released at cfg80211scandone but this doesn't happen as rdev-scanreq is NULL at that point, too, leading ...

5.6AI score0.00161EPSS
Exploits0
NVD
NVD
added 2026/06/24 10:16 p.m.7 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:38 p.m.5 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/24 9:38 p.m.14 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder