Lucene search
K

6187 matches found

Nuclei
Nuclei
added yesterday15 views

XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)

XWiki = 17.3.0 contains a server-side template injection caused by improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, letting authenticated administrators execute arbitrary template logic. id: CVE-2025-51991 info: name: XWiki = 17.3.0 -...

8.8CVSS6.1AI score0.03366EPSS
Exploits1References2
Nuclei
Nuclei
added 3 days ago34 views

Angular-Base64-Upload - Remote Code Execution

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

9.8CVSS7.9AI score0.43683EPSS
Exploits5References4
Nuclei
Nuclei
added 3 days ago52 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS7.5AI score0.59798EPSS
Exploits1References5
OSV
OSV
added 5 days ago3 views

ALPINE-CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.3AI score0.00578EPSS
Exploits0References1
CVE
CVE
added last week11 views

CVE-2026-54069

SiYuan Note

9.2CVSS5.9AI score0.00607EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS0.00181EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/23 7:29 a.m.4 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.15 views

Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload

Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files, exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...

9.8CVSS7.5AI score0.97107EPSS
Exploits15References4
Snyk
Snyk
added 2026/06/22 9:10 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMX RMI connector. An attacker can execute arbitrary code on the server by sending specially crafted serialized Java objects prior to authentication. Note: This is only exploitable if the JMX...

9.8CVSS6.2AI score
Exploits0References2
Wolfi
Wolfi
added 2026/06/22 8:20 p.m.8 views

GHSA-VM85-HXW5-5432 vulnerabilities

Vulnerabilities for packages: nextcloud-server...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2026-1895)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1895 advisory. unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer theSamValidatePasswordChange and SamValidatePasswordReset RPC...

9.8CVSS6.6AI score0.12797EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-12199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its...

7.5CVSS7.1AI score0.00325EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 3:53 p.m.14 views

CVE-2026-12621

GridTime 3000 GNSS Time Server Password Reset form is vulnerable to XSS due to improper neutralization of input during web page generation. Affected from 1.0r0.03 up to, but not including, 1.2r0.0. Base CVSS v4 score is 5.3 (Medium). No exploitation details are provided in the documents; no remed...

5.3CVSS5.8AI score0.0023EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in etcd

A cross-site request forgery flaw was discovered in etcd 3.3.1 and earlier. An attacker can create a website that attempts to send a POST request to the etcd server and modify a key. Adding a key is done using a PUT operation, so it seems theoretically safe but PUT operations cannot be performed...

8.8CVSS7.2AI score0.01266EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in Apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

7.5CVSS7AI score0.19008EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The...

9.1CVSS7.8AI score0.02674EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. The supported versions affected are 5.7.33 and earlier, as well as 8.0.23 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromi...

4.9CVSS6.7AI score0.04643EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/18 6:1 p.m.8 views

CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS5.3AI score0.00445EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-49891

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content. An unauthenticated attacker with network access via HTTP can...

9CVSS5.9AI score0.00366EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 11:16 p.m.12 views

CVE-2026-46692

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in...

4.1CVSS0.00092EPSS
Exploits0References1
Rows per page
Query Builder