Lucene search
+L

440561 matches found

GithubExploit
GithubExploit
added 21 minutes ago2 views

Exploit for CVE-2026-60137

wp2shell Pre-authentication Remote Code Execution against Wor...

9.8CVSS
Exploits16
NVD
NVD
added 2 hours ago4 views

CVE-2024-58364

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing...

7.1CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2024-58361

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS
Exploits0References2
NVD
NVD
added 3 hours ago5 views

CVE-2026-16158

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago6 views

CVE-2024-58364 SurrealDB before 1.2.1 Denial of Service via Parsing Error

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing...

7.1CVSS
Exploits0References2
CVE
CVE
added 3 hours ago6 views

CVE-2024-58364

CVE-2024-58364 affects SurrealDB before 1.2.1. An uncaught exception in the span rendering path triggers a panic when parsing malformed queries with errors on line terminator characters, leading to server denial of service. Public details in the connected sources indicate the impact is an in-proc...

7.1CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2024-55680

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing...

7.1CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 hours ago4 views

CVE-2024-58364

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing...

7.1CVSS5.3AI score
Exploits0References3
Cvelist
Cvelist
added 3 hours ago7 views

CVE-2024-58361 SurrealDB before 2.0.4 Denial of Service via Parser Exception

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS
Exploits0References2
CVE
CVE
added 3 hours ago6 views

CVE-2024-58361

SurrealDB is affected in versions before 2.0.4 by an uncaught exception in the parser error rendering path when processing empty strings. Authorized clients can issue malformed queries that convert empty strings to record, duration, or datetime types, triggering a panic in error rendering and cra...

7.1CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2024-55677

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS5.5AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 hours ago3 views

CVE-2024-58361

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS5.5AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added 4 hours ago7 views

CVE-2026-16158 @fastify/reply-from vulnerable to cross-upstream request routing via URL cache key collision

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS
Exploits0References2
CVE
CVE
added 4 hours ago8 views

CVE-2026-16158

Affected component: @fastify/reply-from. Versions 8.3.1 up to, but not including, 12.6.4 construct an internal URL cache key by concatenating destination and source paths without a delimiter, enabling cross-upstream data access when getUpstream selects an upstream from request data. This can caus...

8.7CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-45373

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 hours ago3 views

CVE-2026-16158

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS5.3AI score
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 7 hours ago3 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.4.0 Vulnerability Details CVEID:CVE-2026-35469 DESCRIPTION: spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 fram...

9.8CVSS4.5AI score0.06488EPSS
Exploits4Affected Software1
GithubExploit
GithubExploit
added 8 hours ago22 views

deep-pentest-skill

Deep Pentest Skill !License: MIThttps://img.shields.io/bad...

6.2AI score
Exploits0
Nuclei
Nuclei
added 8 hours ago32 views

webp_server_go 0.4.0 - Path Traversal

webpservergo 0.4.0 contains a path traversal caused by insufficient sanitization in file handling, letting attackers read arbitrary files on the server, exploit requires attacker to send crafted requests. id: CVE-2021-46104 info: name: webpservergo 0.4.0 - Path Traversal author: pikpikcu severity...

7.5CVSS7.5AI score0.04231EPSS
Exploits1References1
Nuclei
Nuclei
added 8 hours ago30 views

FasterXML jackson-databind - Deserialization Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...

9.8CVSS8.7AI score0.18671EPSS
Exploits0References3
Rows per page
Query Builder