
50 matches found

Cvelist
• added 2026/06/05 7:18 p.m. • 27 views

CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

5.3 CVSS, 0.00311 EPSS
Exploits: 0, References: 1
Cvelist
• added 2026/05/11 8:59 p.m. • 33 views

CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2 CVSS, 0.00485 EPSS
Exploits: 0, References: 1
CNNVD
• added 2026/05/11 12:00 a.m. • 8 views

exiftool-vendored parameter injection vulnerability

exiftool-vendored is a cross-platform image metadata reading and writing tool developed by PhotoStructure. Versions of exiftool-vendored prior to 35.19.0 had a parameter injection vulnerability. This vulnerability occurred when ExifTool was executed in the “-stayopen True -” mode, where strings...

8.2 CVSS, 5.8 AI score, 0.00485 EPSS
Exploits: 0, References: 1
Positive Technologies
• added 2026/05/06 12:00 a.m. • 13 views

PT-2026-38253

Name of the Vulnerable Software and Affected Versions: Nitro versions prior to 2.13.4; Nitro versions prior to 3.0.260429-beta. Description: An attacker can bypass proxy route rules by sending percent-encoded path traversal sequences ..%2f in the URL. This occurs when Nitro treats these characters as...

5.3 CVSS, 5.8 AI score, 0.00392 EPSS
Exploits: 0, References: 11
Github Security Blog
• added 2026/05/05 7:53 p.m. • 10 views

exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact: exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

8.2 CVSS, 6.4 AI score, 0.00485 EPSS
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
• added 2026/05/05 12:00 a.m. • 14 views

PT-2026-37303

Name of the Vulnerable Software and Affected Versions: exiftool-vendored versions prior to 35.19.0. Description: Certain strings provided by the caller are interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return within these strings can split a single...

8.2 CVSS, 5.8 AI score, 0.00485 EPSS
Exploits: 0, References: 6
Tenable Nessus
• added 2025/12/15 12:00 a.m. • 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-65430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was...

5.4 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 3
Positive Technologies
• added 2025/11/28 12:00 a.m. • 5 views

PT-2025-48348

Latest CVE breakdown available now! Oracle CVE-2024-21854 is under active attack even after being patched. Learn why patch delays are dangerous and how to stay secure. Explore the write-up → https://t.co/YSCfFvYLPP Join the discussion and tell us what you think!...

6.9 AI score
Exploits: 0, References: 1
EUVD
• added 2025/10/03 8:07 p.m. • 4 views

EUVD-2025-14208

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
• added 2025/08/14 6:52 p.m. • 4 views

Malicious code in react-stay-scrolled-examples (npm)

The package react-stay-scrolled-examples was found to contain malicious code...

7 AI score
Exploits: 0
OSV
• added 2025/08/14 6:52 p.m. • 3 views

MAL-2025-31856 Malicious code in react-stay-scrolled-examples (npm)

The package react-stay-scrolled-examples was found to contain malicious code...

7.2 AI score
Exploits: 0
Citrix
• added 2025/03/28 12:00 a.m. • 9 views

iOS Workspace App 2501.10 - How to Fix Login Hang at "Stay Signed In" Prompt

Users of the Citrix Workspace app on iOS devices may experience a hang or freeze at the "Stay Signed In" prompt after adding their Citrix Cloud workspace URL. The app becomes unresponsive, preventing users from selecting either "Allow" or "Deny."...

6.8 AI score
Exploits: 0
Malwarebytes
• added 2024/11/25 2:53 p.m. • 11 views

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more

Spotify and Amazon services have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software according to our friends over at BleepingComputer. Cybercriminals are abusing the options to inject keywords and...

7 AI score
Exploits: 0
Positive Technologies
• added 2024/04/19 12:00 a.m. • 3 views

PT-2024-40005 · Unknown · Uptime Kuma

Name of the Vulnerable Software and Affected Versions: Uptime Kuma, affected versions not specified. Description: The issue allows access to the platform despite authentication being enabled, as previously logged-in sessions remain valid. The expected behavior is that all previously connected...

7.1 AI score
Exploits: 0, References: 6
CNNVD
• added 2024/01/17 12:00 a.m. • 2 views

WordPress plugin Traffic Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.5 CVSS, 6.5 AI score, 0.00369 EPSS
Exploits: 0, References: 3
Malwarebytes
• added 2023/08/16 11:15 a.m. • 19 views

Beware malware posing as beta versions of legitimate apps, warns FBI

The FBI has issued a warning that cybercriminals are embedding malicious code in mobile beta-testing apps in attempts to defraud potential victims. The victims are typically contacted on dating sites and social media, and in some cases they are promised incentives such as large financial payouts...

6.7 AI score
Exploits: 0
CNNVD
• added 2023/03/07 12:00 a.m. • 5 views

Google Android code issue vulnerability

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

8.4 CVSS, 7.3 AI score, 0.00123 EPSS
Exploits: 0, References: 3
Trend Micro Simply Security
• added 2023/02/01 12:00 a.m. • 9 views

Monthly Threat Webinar Series in 2023: What to Expect

Stay informed and stay ahead...

1.6 AI score
Exploits: 0
CNNVD
• added 2022/12/05 12:00 a.m. • 4 views

Google Pixel security vulnerability

Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...

5.5 CVSS, 5.7 AI score, 0.00157 EPSS
Exploits: 0, References: 4
CNNVD
• added 2022/12/05 12:00 a.m. • 6 views

Google Pixel path traversal vulnerability

Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...

6.7 CVSS, 6.5 AI score, 0.00133 EPSS
Exploits: 0, References: 3