Lucene search
+L

1398902 matches found

Chainguard
Chainguard
added yesterday7 views

GHSA-RWW4-4W9C-7733 vulnerabilities

Vulnerabilities for packages: mcp-atlassian...

5.3AI score
Exploits0
Circl
Circl
added yesterday7 views

CVE-2026-9147

creationtimestamp| type| source ---|---|--- 2026-07-18 13:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116941221213811825 2026-07-18 13:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqweqn3ya72g 2026-07-18 14:00:39+00:00| seen|...

8.5CVSS4.8AI score
Exploits0References3
OSV
OSV
added yesterday4 views

MINI-93CQ-RJQ3-6RF7

Bulletin has no description...

9.1CVSS4.2AI score0.00373EPSS
Exploits0
Cvelist
Cvelist
added yesterday12 views

CVE-2024-58356 SurrealDB before 2.1.4 Permission Bypass via DEFINE TABLE OVERWRITE

SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, a...

2.3CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2024-58356

SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, a...

2.3CVSS5.3AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-16117

Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string...

10CVSS5.3AI score
Exploits0References3
NCSC
NCSC
added yesterday10 views

WordPress vulnerabilities can be addressed through Automattic.

There are two vulnerabilities present in WordPress Core 6.8.6, 6.9.5, and 7.0.2. An unauthorized malicious individual can exploit these vulnerabilities to execute arbitrary code remotely. To do this, a malicious HTTP request must be sent to the batch API of a WordPress site. Since vulnerabilities...

9.8CVSS6.4AI score0.08946EPSS
Exploits30References2
CVE
CVE
added yesterday8 views

CVE-2026-47870

CVE-2026-47870 affects VMware Avi Load Balancer. A malicious authenticated user with network access can potentially execute remote code due to a privilege-escalation flaw. Affected versions and fixes shown in public records: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30...

7.1CVSS5.5AI score0.0039EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday101 views

Cacti - Cross-Site Scripting

Cacti contains a cross-site scripting vulnerability via "http:///authchangepassword.php?ref=alert1" which can successfully execute the JavaScript payload present in the "ref" URL parameter. id: CVE-2021-26247 info: name: Cacti - Cross-Site Scripting author: dhiyaneshDK severity: medium descriptio...

6.1CVSS5.9AI score0.07124EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday80 views

Erxes <0.23.0 - Cross-Site Scripting

Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. id: CVE-2021-32853 info: name: Erxes 0.23.0 - Cross-Site Scripting author: dwisiswant0 severity: critical description: Erxes before 0.23.0...

9.6CVSS6.8AI score0.03125EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday106 views

Python Flask-Security - Open Redirect

Python Flask-Security contains an open redirect vulnerability. Existing code validates that the URL specified in the next parameter is either relative or has the same network location as the requesting URL. Certain browsers accept and fill in the blanks of possibly incomplete or malformed URLs. A...

6.1CVSS6.6AI score0.03289EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday73 views

SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5CVSS7.3AI score0.07845EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday53 views

VelotiSmart Wifi - Directory Traversal

VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. id: CVE-2018-14064 info: name: VelotiSmart Wifi - Directory Traversal author: 0xAkoko severity: critical description: VelotiSmart WiFi B-380 camera...

9.8CVSS8.4AI score0.3757EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday20 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS5.2AI score0.02663EPSS
Exploits3References1
Nuclei
Nuclei
added yesterday13 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS5.5AI score0.01438EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday44 views

WordPress Copyright Proof <=4.16 - Cross-Site-Scripting

WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. id: CVE-2022-1906...

6.1CVSS5.8AI score0.00955EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday30 views

Helmet Store Showroom - Cross Site Scripting

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. id: CVE-2022-46073 info: name: Helmet Store Showroom - Cross Site Scripting author: Harsh severity: medium description: | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. impact: | Successful exploitation of...

6.1CVSS6AI score0.01235EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday49 views

Online Birth Certificate System 1.2 - Stored Cross-Site Scripting

Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters. id: CVE-2022-29005 info:...

6.1CVSS6.2AI score0.0212EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday56 views

WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting

WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page. id: CVE-2022-0150 info: name: WordPress Accessibility Helper 0.6.0.7 - Cross-Site...

6.1CVSS5.8AI score0.01718EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday52 views

WordPress Shareaholic <9.7.6 - Information Disclosure

WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated before 9.7.5 and authenticated in 9.7.5 users, allowing them to possibly obtain sensitive...

5.3CVSS5.7AI score0.01633EPSS
Exploits2References5
Rows per page
Query Builder