Lucene search
+L

1398560 matches found

GithubExploit
GithubExploit
added 58 minutes ago6 views

FLOCK_CVE_SCANNER

FLOCKCVESCANNER Scan and exploit with permission Ov...

9.8CVSS5.4AI score0.01004EPSS
Exploits3
CVE
CVE
added 1 hour ago5 views

CVE-2026-16128

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiverthread of the file claw/services/swarm/swarm.c of the component httprequest. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The...

7.5CVSS7AI score
Exploits0References6
Circl
Circl
added 3 hours ago4 views

CVE-2024-58366

creationtimestamp| type| source ---|---|--- 2026-07-18 14:34:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqwicf6c5p2a...

9CVSS4.8AI score
Exploits0References1
Circl
Circl
added 3 hours ago4 views

CVE-2026-9323

creationtimestamp| type| source ---|---|--- 2026-07-18 14:34:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqwicdxykb2z 2026-07-18 15:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqwjrntoau2w...

9.2CVSS4.8AI score
Exploits0References2
Circl
Circl
added 4 hours ago5 views

CVE-2026-9147

creationtimestamp| type| source ---|---|--- 2026-07-18 13:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116941221213811825 2026-07-18 13:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqweqn3ya72g 2026-07-18 14:00:39+00:00| seen|...

8.5CVSS4.8AI score
Exploits0References3
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2024-58356 SurrealDB before 2.1.4 Permission Bypass via DEFINE TABLE OVERWRITE

SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, a...

2.3CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2024-58356

SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, a...

2.3CVSS5.3AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 hours ago4 views

CVE-2026-16117

Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string...

10CVSS5.3AI score
Exploits0References3
NCSC
NCSC
added 7 hours ago6 views

WordPress vulnerabilities can be addressed through Automattic.

There are two vulnerabilities present in WordPress Core 6.8.6, 6.9.5, and 7.0.2. An unauthorized malicious individual can exploit these vulnerabilities to execute arbitrary code remotely. To do this, a malicious HTTP request must be sent to the batch API of a WordPress site. Since vulnerabilities...

9.8CVSS6.4AI score
Exploits19References2
CVE
CVE
added 9 hours ago7 views

CVE-2026-47870

CVE-2026-47870 affects VMware Avi Load Balancer. A malicious authenticated user with network access can potentially execute remote code due to a privilege-escalation flaw. Affected versions and fixes shown in public records: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30...

7.1CVSS5.5AI score
Exploits0References1
Nuclei
Nuclei
added 10 hours ago27 views

WordPress Automatic Plugin - Unauthenticated Options Change

WordPress Automatic Plugin versions 3.53.2 and below contains a critical vulnerability that allows unauthenticated users to change arbitrary WordPress options through the processform.php script. The vulnerable script uses updateoption on all POST parameters without authentication or capability...

9.8CVSS8.5AI score0.16408EPSS
Exploits3References2
Nuclei
Nuclei
added 10 hours ago34 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS5AI score0.01609EPSS
Exploits0
Nuclei
Nuclei
added 10 hours ago65 views

Brother Printers – Authentication Bypass via Default Admin Password

By leaking a target device's serial number, a remote attacker can generate the target device's default administrator password. The target device may leak its serial number via unauthenticated HTTP, HTTPS, IPP, SNMP, or PJL requests. id: CVE-2024-51978 info: name: Brother Printers – Authentication...

9.8CVSS8.4AI score0.23635EPSS
Exploits0References4
Nuclei
Nuclei
added 10 hours ago35 views

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS8.8AI score0.01643EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago14 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2712 info: name: Yonyou UFIDA ERP-NC V5.0 -...

6.1CVSS4.7AI score0.0079EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago36 views

Moodle Jmol Filter 6.1 - Local File Inclusion

Moodle Jmol Filter 6.1 is vulnerable to local file inclusion through the jsmol.php file, allowing attackers to read arbitrary files on the server. id: CVE-2025-34031 info: name: Moodle Jmol Filter 6.1 - Local File Inclusion author: madrobot severity: high description: | Moodle Jmol Filter 6.1 is...

8.7CVSS8.5AI score0.02963EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago131 views

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

Akamai CloudTest before 60 2025.06.02 12988 allows file inclusion via XML External Entity XXE injection. id: CVE-2025-49493 info: name: Akamai CloudTest 60 2025.06.02 - XML External Entity XXE author: xbow,3th1cyuk1 severity: critical description: | Akamai CloudTest before 60 2025.06.02 12988...

5.8CVSS5.9AI score0.03395EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago42 views

NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials

An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. id: CVE-2025-32815 info: name: NetMRI 7.6.1 - Authentication Bypass via Hardcoded Credentials author: iamnoooob,pdresearch severity: medium description: | An issue was discovered i...

6.5CVSS6.4AI score0.36935EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago44 views

Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

9.8CVSS9.3AI score0.04841EPSS
Exploits3References4
Nuclei
Nuclei
added 10 hours ago50 views

TotoLink Router setMacFilterRules - Command Injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. id: CVE-2024-24328 info: name: TotoLink Router setMacFilterRules - Command Injection author: pussycat0x severity: critical description: |...

9.8CVSS8.4AI score0.06172EPSS
Exploits1References1
Rows per page
Query Builder