Lucene search
K

286 matches found

GithubExploit
GithubExploit
added 2026/04/26 3:36 p.m.112 views

angband

Angband - Kernel Exploit Framework A staged, modular framew...

4.3CVSS5.4AI score0.00707EPSS
Exploits7
OSV
OSV
added 2026/04/08 2:45 p.m.6 views

BIT-DISCOURSE-2026-34947 Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3,and 2026.2.0 to before 2026.2.2, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been patched in versions 2026.1.3 and 2026.2.2...

6.9CVSS5.7AI score0.00211EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/04 10:54 p.m.5 views

CVE-2026-34947

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/04/03 10:16 p.m.10 views

CVE-2026-34947

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:27 p.m.2 views

CVE-2026-34947

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/03 9:27 p.m.2 views

EUVD-2026-18882

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/04/03 9:27 p.m.15 views

CVE-2026-34947

CVE-2026-34947 affects Discourse. Versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 expose staged user custom fields and username on public invite pages without email verification. The issue has been patched in 2026.1.3, 2026.2...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 9:27 p.m.3 views

CVE-2026-34947 Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 9:27 p.m.26 views

CVE-2026-34947 Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.16 views

PT-2026-30244

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References3
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.266 views

HTTPS Fetch, Windows Upload/Execute, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/upexec/bindhiddentcp msf payloadbindhiddentcp show action...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.221 views

HTTPS Fetch, Windows Command Shell, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/shell/bindhiddentcp msf payloadbindhiddentcp show actions...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.160 views

HTTP Fetch, Windows Command Shell, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.170 views

HTTP Fetch, Windows Upload/Execute, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/upexec/bindhiddentcp msf payloadbindhiddentcp show actions...

6AI score
Exploits0
EUVD
EUVD
added 2026/03/31 12:31 p.m.3 views

EUVD-2026-17388

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS5.9AI score0.0008EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 12:16 p.m.3 views

CVE-2026-32988

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS0.0008EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 11:17 a.m.2 views

CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS5.9AI score0.0008EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:17 a.m.2 views

CVE-2026-32988

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS5.9AI score0.0008EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 11:17 a.m.26 views

CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS0.0008EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29235

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5CVSS5.9AI score0.0008EPSS
Exploits0References3
Rows per page
Query Builder