Lucene search
K

814 matches found

Nuclei
Nuclei
added yesterday18 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)

Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix = 173 and = 173 and 178, this vulnerability can be exploited only if you provide a valid Staging Service username default: admin impact: | Unauthenticated attackers can bypass...

9.8CVSS6.2AI score0.58431EPSS
Exploits1References3
Metasploit
Metasploit
added 4 days ago18 views

FTP Fetch, Reverse TCP Stager (DNS)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/peinject/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show options ...show and set...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago16 views

FTP Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp)

Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows winhttp Module Options msf use payload/cmd/windows/ftp/x86/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago13 views

FTP Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager with UUID Support

Fetch and execute an x64 payload from an FTP server. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set...

6.2AI score
Exploits0
OSV
OSV
added 2026/07/02 3:24 p.m.10 views

USN-8492-2 linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References300
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.14 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

9.8CVSS6.1AI score0.92161EPSS
Exploits1References4
OSV
OSV
added 2026/06/27 2:21 p.m.9 views

MAL-2026-6546 Malicious code in ryan-pdf-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3d966501b5f533318c26b54887cd29b3cd6c9495035a0f74519ba349357e3eb [email protected] is an empty stub package index.js exports whose sole purpose is to deliver an off-registry payload at install time. Its package.js...

6.2AI score
Exploits0References2
CVE
CVE
added 2026/06/25 8:38 a.m.18 views

CVE-2026-53179

CVE-2026-53179 affects the Linux kernel, specifically the staging rtl8723bs driver. The vulnerability is a buffer over-read in rtw_update_protection: a pointer inside the ies buffer is used with the full ie_length, allowing reads beyond the intended data. This is a local impact issue with HIGH se...

7.1CVSS6AI score0.00131EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs – A memory leak was fixed in the event of a failure path. The cfg80211informbssframe function may return NULL in the event of a failure. In such cases, the allocated buffer ‘buf’ is not freed, and the function...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 12:0 p.m.6 views

MAL-2026-6311 Malicious code in @thymelab/logfx (npm)

@thymelab/logfx malicious version 2.15.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6.1AI score
Exploits0References6
OSV
OSV
added 2026/06/19 3:12 p.m.49 views

MAL-2026-6210 Malicious code in @apexcraft/nano-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c46938b3634fb4de89ddf44b765e1c766c871a40fb31c54609c1b3526074e65c @apexcraft/nano-key advertises itself as a 12-byte sortable ID generator README and repository metadata are copied from yiwen-ai/xid-ts, an unrelated...

6.7AI score
Exploits0References10
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs – fixed a potential memory leak in rtwinitdrvsw. In rtwinitdrvsw, various initialization functions are called to populate the padapter structure, and certain checks are performed on their return values. However...

5.5CVSS5.7AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 9:16 p.m.14 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS
Exploits1References1
OSV
OSV
added 2026/06/12 9:16 p.m.13 views

DEBIAN-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.1CVSS5.7AI score0.00268EPSS
Exploits1References1
OSV
OSV
added 2026/06/12 9:16 p.m.12 views

UBUNTU-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/12 8:6 p.m.8 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.6AI score0.00268EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 8:6 p.m.34 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/12 8:6 p.m.11 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1
CVE
CVE
added 2026/06/12 8:6 p.m.21 views

CVE-2026-54056

Kitty (GPU-based terminal) vulnerability CVE-2026-54056 affects versions 0.47.0–0.47.1 where a remote drag-and-drop via kitten dnd staging can overwrite or truncate arbitrary files writable by the local user. The attack chains a staged remote text/uri-list, exploiting a race in staging where a st...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.27 views

PT-2026-48992

Name of the Vulnerable Software and Affected Versions Kitty versions 0.47.0 through 0.47.1 Description In the kitten dnd component, a malicious remote drag-and-drop source can overwrite or truncate arbitrary files that the local user has permission to write. This occurs because remote text/uri-li...

7.6CVSS6.1AI score0.00268EPSS
Exploits1References4
Rows per page
Query Builder