Lucene search
+L

346 matches found

nuclei
nuclei
added yesterday23 views

WooCommerce Help Scout - Arbitrary File Upload

WooCommerce Help Scout plugin before version 2.9.1 contains an unrestricted file upload vulnerability. The vulnerability allows unauthenticated users to upload arbitrary files to the server which by default will end up in wp-content/uploads/hstmp/ directory, potentially leading to remote code...

9.8CVSS7.3AI score0.07908EPSS
Exploits2References3
osv
osv
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-750 Server-Side Request Forgery in scout-browser

Pypi package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...

8.2CVSS5.7AI score0.01095EPSS
Exploits1References8
osv
osv
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-749 Path Traversal in scout-browser

Scout is a Variant Call Format VCF visualization interface. The Pypi package scout-browser is vulnerable to path traversal due to sendfile call in versions prior to 4.52...

6.8CVSS5.9AI score0.01296EPSS
Exploits1References9
packetstormnews
packetstormnews
added 2026/06/08 12:0 a.m.12 views

Semantic Multi-Agent Intrusion Detection for IoT:Zero-Day and Adversarial Threats with Risk-Aware Reasoning

The rapid proliferation of Internet of Things IoT devices has enabled unprecedented automation and connectivity, but it has also substantially increased the attack surface, exposing networks to sophisticated cyber threats, including zero-day and adversarial intrusions. Traditional Intrusion...

5.5AI score
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:49 p.m.11 views

CVE-2026-49318

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.5AI score0.00143EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:49 p.m.10 views

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.5AI score0.00143EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:34 p.m.11 views

CVE-2026-49325

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...

4.6CVSS5.5AI score0.0016EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:34 p.m.13 views

CVE-2026-49324

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

4.6CVSS5.5AI score0.00174EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41191

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...

7.1CVSS5.5AI score0.00211EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 7:52 p.m.12 views

CVE-2026-45294 FreeScout: User Account Enumeration via Password Reset Response Differentiation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerat...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/29 7:52 p.m.41 views

CVE-2026-45294 FreeScout: User Account Enumeration via Password Reset Response Differentiation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerat...

5.3CVSS0.0021EPSS
Exploits0References1
nvd
nvd
added 2026/05/29 2:16 p.m.17 views

CVE-2026-49325

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...

4.6CVSS0.0016EPSS
Exploits0References1
nvd
nvd
added 2026/05/29 2:16 p.m.22 views

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

4.6CVSS0.00181EPSS
Exploits0References1
nvd
nvd
added 2026/05/29 2:16 p.m.16 views

CVE-2026-49318

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS0.00143EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 1:18 p.m.13 views

CVE-2026-49318 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.8AI score0.00143EPSS
Exploits0References1
cve
cve
added 2026/05/29 1:18 p.m.26 views

CVE-2026-49318

This CVE affects the Infotainment / Digital Round display in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an incorrect behavior order during boot: the system uses the presence of Wireless Control Module (WCM) traffic as a proxy for whether an immobilizer is fitted....

2.4CVSS5.8AI score0.00143EPSS
Exploits0References1
euvd
euvd
added 2026/05/29 1:18 p.m.13 views

EUVD-2026-33313

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.8AI score0.00143EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/29 1:18 p.m.45 views

CVE-2026-49318 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS0.00143EPSS
Exploits0References1
nvd
nvd
added 2026/05/29 1:16 p.m.24 views

CVE-2026-49324

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

4.6CVSS0.00174EPSS
Exploits0References1
cve
cve
added 2026/05/29 12:42 p.m.22 views

CVE-2026-49317

The CVE CVE-2026-49317 affects the Infotainment Digital Round on the Indian Scout Bobber + Tech 2025 model year. The vulnerability arises when the boot window relies on Wireless Control Module (WCM) traffic as a proxy for immobilizer presence. If no WCM messages are observed (e.g., by silencing W...

2.4CVSS5.8AI score0.00143EPSS
Exploits0References1
Rows per page
Query Builder