Lucene search
K

9720 matches found

NVD
NVD
added yesterday6 views

CVE-2026-57801

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 2.1...

7.5CVSS0.00496EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday9 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS6.1AI score0.34734EPSS
Exploits1References2
CVE
CVE
added 3 days ago8 views

CVE-2026-7620

CVE-2026-7620 affects the WordPress plugin Notification for Telegram (versions up to 3.5.1). The issue is an authorization bypass that allows authenticated attackers with subscriber-level access and above to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthori...

4.3CVSS6AI score0.00272EPSS
Exploits0References11
Metasploit
Metasploit
added 4 days ago18 views

FTP Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/ftp/x86/peinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid show...

6.2AI score
Exploits0
NVD
NVD
added 4 days ago8 views

CVE-2026-56813

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS0.00146EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42876

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS6.1AI score0.00146EPSS
Exploits0References4
CVE
CVE
added 4 days ago10 views

CVE-2026-56813

The CVE-2026-56813 issue affects the Elixir Plug library (Plug.Conn.Cookies.encode/2). It enables attribute injection in Set-Cookie headers by not neutralizing the ; delimiter, allowing an attacker to inject or override cookie attributes (e.g., Domain, Path, or flags like Secure/HttpOnly) when at...

2.1CVSS6.1AI score0.00146EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-56813 Cookie attribute injection in Plug.Conn.Cookies.encode/2

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS0.00146EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-15187

A flaw was found in enquirer, a command-line prompt tool. A remote attacker could exploit a vulnerability in the Enquirer.set function by manipulating the question.name argument. This improper handling of object prototype attributes can lead to prototype pollution, allowing an attacker to modify...

5.3CVSS6.1AI score0.00248EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication authn.method=oidc, authn.oidc.issuer set but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result...

6.8CVSS6.1AI score0.00298EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42784

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References6
NVD
NVD
added 5 days ago9 views

CVE-2025-58146

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS0.00137EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2025-58146 XAPI UTF-8 string handling

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS0.00137EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2025-210446

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 5 days ago36 views

CVE-2025-58146

CVE-2025-58146 affects Xen/XAPI: three issues in UTF-8 handling and input sanitisation of XAPI database. (1) Unsanitised input used for notifications can terminate the database event thread and stop processing. (2) UTF-8 encoder aligns with Unicode v3.0 while libraries use v3.1, allowing strings ...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References3
CVE
CVE
added 5 days ago7 views

CVE-2026-15187

The CVE-2026-15187 issue affects the enquirer package (versions up to 2.4.1) and specifically the Enquirer.set function. The root cause is a prototype pollution vulnerability caused by manipulating the argument name (question.name), allowing improper modification of object prototype attributes. I...

5.3CVSS5.6AI score0.00248EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-15187 enquirer Public Package API Enquirer.set prototype pollution

A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely...

5.3CVSS0.00248EPSS
Exploits0References7
NVD
NVD
added 6 days ago9 views

CVE-2026-59880

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS0.0037EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score0.0037EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 6 days ago26 views

CVE-2026-59880 Immutable.js: Hash-collision algorithmic complexity denial of service in Immutable.Map/Set

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS0.0037EPSS
Exploits1References5
Rows per page
Query Builder