Lucene search
K

4536 matches found

nvd
nvd
added 2026/06/30 11:16 p.m.6 views

CVE-2025-71352

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS0.00637EPSS
Exploits0References2
debiancve
debiancve
added 2026/06/26 4:23 p.m.8 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.0017EPSS
Exploits1
nvd
nvd
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS0.00204EPSS
Exploits0References4
osv
osv
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53258

In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-intscanreq is leaked if cfg80211scan fails. Note that it's supposed to be released at cfg80211scandone but this doesn't happen as rdev-scanreq is NULL at that point, too, leading ...

2CVSS5.7AI score0.00117EPSS
Exploits0References6
debiancve
debiancve
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53258

In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-intscanreq is leaked if cfg80211scan fails. Note that it's supposed to be released at cfg80211scandone but this doesn't happen as rdev-scanreq is NULL at that point, too, leading ...

5.5CVSS5.6AI score0.00117EPSS
Exploits0
nvd
nvd
added 2026/06/24 10:16 p.m.8 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/06/24 9:38 p.m.5 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References2Affected Software1
cve
cve
added 2026/06/24 9:38 p.m.24 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
cve
cve
added 2026/06/24 4:29 p.m.14 views

CVE-2026-53050

CVE-2026-53050 affects the Linux kernel quota subsystem, where dquot_scan_active() can race with quota deactivation in quota_release_workfn(), potentially causing memory corruption or use-after-free under memory pressure. Verified in multiple sources; the workaround/mitigation is to remove the dq...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References8
osv
osv
added 2026/06/22 9:53 p.m.9 views

MAL-2026-6273 Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References6
githubexploit
githubexploit
added 2026/06/18 6:44 p.m.55 views

sentinelx

sentinelx SentinelX AI — Next-gen AI-powered cybersecurit...

5.3AI score
Exploits0
euvd
euvd
added 2026/06/17 3:5 p.m.11 views

EUVD-2025-210271

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS5.2AI score0.00475EPSS
Exploits0References3
githubexploit
githubexploit
added 2026/06/15 7:52 p.m.65 views

VulnAnalyzer

🔍 VulnAnalyzer 2.1 A comprehensive automated vulnerability...

6AI score
Exploits0
githubexploit
githubexploit
added 2026/06/15 11:13 a.m.86 views

exploit-scripts

Offensive Security Toolkit ╔═════════════════════════════...

6AI score
Exploits0
cvelist
cvelist
added 2026/06/15 12:0 a.m.30 views

CVE-2026-50887

A Server-Side Request Forgery SSRF in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl...

0.00287EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 12:0 a.m.32 views

CVE-2026-50888

An authenticated Server-Side Request Forgery SSRF in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...

0.00248EPSS
Exploits0References1
cve
cve
added 2026/06/15 12:0 a.m.18 views

CVE-2026-50888

The CVE-2026-50888 entry concerns an authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0. The underlying issue allows an authenticated attacker to cause the application to fetch internal resources by supplying a crafted ...

8.1CVSS5.3AI score0.00248EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.11 views

PT-2026-49329

Name of the Vulnerable Software and Affected Versions Benjamin Jonard Koillection version 1.8.0 Description An authenticated Server-Side Request Forgery SSRF exists in the custom scraper subsystem component. This allows attackers to scan internal resources by supplying a crafted URL. SSRF is a fl...

8.1CVSS5.9AI score0.00248EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/15 12:0 a.m.32 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

0.00312EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.11 views

PT-2026-49328

Name of the Vulnerable Software and Affected Versions shlink version 5.0.1 Description A Server-Side Request Forgery SSRF exists in the automatic short URL title resolution component. This allows attackers to scan internal resources by providing a crafted longUrl variable. Recommendations At the...

9.1CVSS5.9AI score0.00287EPSS
Exploits0References3
Rows per page
Query Builder