Lucene search
K

4101 matches found

Nuclei
Nuclei
added yesterday11 views

WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection

The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection via request parameters in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

7.5CVSS7AI score0.02221EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday24 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS6.1AI score0.01786EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday54 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. id: CVE-2018-1000856 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the...

4.8CVSS6AI score0.01424EPSS
Exploits1References3
NVD
NVD
added 4 days ago6 views

CVE-2026-57850

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS0.00334EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-53449

A flaw was found in Coturn, an open-source TURN and STUN server. An authenticated administrator with command-line interface CLI access could exploit a vulnerability in the psd print sessions dump command. This flaw allows the administrator to overwrite arbitrary files on the system that are...

6CVSS6.2AI score0.00176EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43008

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

libcurl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure (CVE-2026-9545)

The version of libcurl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

7.5CVSS6.1AI score0.00408EPSS
Exploits1References2
NVD
NVD
added 5 days ago7 views

CVE-2026-57030

A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...

8.2CVSS0.00381EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-57030 Junos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS

A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...

8.2CVSS0.00381EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-57030

CVE-2026-57030 describes a race condition in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series. The vulnerability occurs during flow timeout handling in stateful traffic processing: a race when setting a flow’s timeout can cause the value to be set to an abnormally hig...

8.2CVSS6AI score0.00381EPSS
Exploits0References1Affected Software1
OSV
OSV
added last week6 views

CVE-2026-49229 Actual: Disabled OpenID users keep access through existing session tokens

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS6AI score0.00441EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 10:16 p.m.9 views

CVE-2026-43918

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions are not invalidated. The session identity loaders in src/di.php loggedinclient and loggedinadmin...

8.7CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 9:18 p.m.34 views

CVE-2026-43918 Suspended or inactive FOSSBilling accounts can retain or regain access through existing sessions, API tokens, and password reset flows

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions are not invalidated. The session identity loaders in src/di.php loggedinclient and loggedinadmin...

8.7CVSS0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:18 p.m.5 views

CVE-2026-43918

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions are not invalidated. The session identity loaders in src/di.php loggedinclient and loggedinadmin...

8.7CVSS5.9AI score0.00235EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/02 7:49 p.m.15 views

EUVD-2026-33280

Mautic has Stored Cross-Site Scripting XSS in Project Option Selector...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 5:17 p.m.3 views

UBUNTU-CVE-2026-55950

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS6AI score0.00384EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 5:6 p.m.8 views

GHSA-6C4R-G249-WV3C OpenClaw: Sandboxed session spawn could expose the real workspace path to child prompts

Summary Sandboxed session spawn could expose the real workspace path to child prompts. In affected versions, a child session spawned from a sandboxed parent could forward the host workspace path into the child session prompt. This advisory is scoped to the named feature and configuration. It does...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55313

Name of the Vulnerable Software and Affected Versions fast-mcp-telegram versions prior to 0.19.1 Description fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. While the verifier rejects the exact reserved token telegram, it fails to reject pa...

9.4CVSS6AI score0.00423EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 1:17 p.m.6 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.17 views

PT-2026-55224

Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently enforce permissions on...

6.1AI score0.0018EPSS
Exploits0References3
Rows per page
Query Builder