Lucene search
K

27216 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.361 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
Nuclei
Nuclei
added 5 hours ago123 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

6.1CVSS6.6AI score0.04055EPSS
Exploits1References2
Nuclei
Nuclei
added 5 hours ago73 views

Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting

Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/comsunwebui/help/helpwindow.jsp windowTitle parameter. id: CVE-2018-19439 info: name: Oracle Secure Global...

6.1CVSS6.4AI score0.20457EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday12 views

Langflow <= 1.8.4 - Path Traversal to RCE via File Upload

The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...

8.8CVSS6.2AI score0.31405EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday249 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS7.1AI score0.78812EPSS
Exploits7References4
Nuclei
Nuclei
added yesterday48 views

Cisco Secure Firewall ASA & FTD - Authentication Bypass

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should...

8.6CVSS6.9AI score0.85543EPSS
Exploits0References2
Fedora
Fedora
added 2 days ago6 views

[SECURITY] Fedora 43 Update: libssh2-1.11.1-9.fc43

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...

9.2CVSS7.1AI score0.00732EPSS
Exploits11
Fedora
Fedora
added 3 days ago5 views

[SECURITY] Fedora 43 Update: openssh-10.0p1-10.fc43

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

6.5CVSS6.2AI score0.00367EPSS
Exploits2
NVD
NVD
added 4 days ago8 views

CVE-2026-41482

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS0.00338EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-59996

A flaw was found in OpenSSH, a widely used tool for secure remote access. When a user attempts to copy files between two different remote systems using the scp command, the file might be incorrectly placed in a directory above the intended destination. This unintended file placement could lead to...

5.4CVSS6AI score0.00241EPSS
Exploits0References6
Metasploit
Metasploit
added 4 days ago14 views

HTTPS Fetch, Linux dup2 Command Shell, Bind TCP Stager

Fetch and execute an RISC-V 32-bit payload from an HTTPS server. dup2 socket in s1, then execve. Listen for a connection Module Options msf use payload/cmd/linux/https/riscv32le/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show optio...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago13 views

HTTPS Fetch, Linux dup2 Command Shell, Reverse TCP Stager

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. dup2 socket in s1, then execve. Connect back to the attacker Module Options msf use payload/cmd/linux/https/riscv64le/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago12 views

HTTPS Fetch, Linux dup2 Command Shell, Bind TCP Stager

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. dup2 socket in s1, then execve. Listen for a connection Module Options msf use payload/cmd/linux/https/riscv64le/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show optio...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago13 views

HTTPS Fetch

Fetch and execute a script to determine the host arch and execute a payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/multi/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf...

6.2AI score
Exploits0
CVE
CVE
added 4 days ago9 views

CVE-2026-41880

CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

libcurl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure (CVE-2026-9545)

The version of libcurl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

7.5CVSS6.1AI score0.00408EPSS
Exploits1References2
NVD
NVD
added 5 days ago10 views

CVE-2026-45788

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pullhotlinkedimages when an attacker knew the secured upload URL and the secureuploads site setting was enabled. This issue is fixed in versions 2026.6.0,...

6.3CVSS0.00466EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in proxy-check-i (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...

6.3AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-45788

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pullhotlinkedimages when an attacker knew the secured upload URL and the secureuploads site setting was enabled. This issue is fixed in versions 2026.6.0,...

6.3CVSS5.8AI score0.00466EPSS
Exploits0References10Affected Software1
CVE
CVE
added 5 days ago10 views

CVE-2026-45788

CVE-2026-45788 affects the open-source forum software Discourse . The issue: prior to 2026.6.0 , and also before 2026.5.1 , 2026.4.2 , and 2026.1.5 , secure uploads could be exposed via pull_hotlinked_images when an attacker knew the secured upload URL and the secure_uploads site setting was enab...

6.3CVSS5.8AI score0.00466EPSS
Exploits0References9
Rows per page
Query Builder