Lucene search
K

2692 matches found

Nuclei
Nuclei
added 16 hours ago45 views

Aruba Instant Access Point (IAP) - Cross-Site Scripting

A remote cross-site scripting xss vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...

6.1CVSS6.7AI score0.16372EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-52725

A flaw was found in the @angular/core component. This vulnerability allows an attacker to bypass security restrictions when creating dynamic components. By manipulating the host element or selector, an attacker can force an Angular component to be mounted directly onto a script tag. This can resu...

6.8CVSS6.1AI score0.00238EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.18 views

PT-2026-55444

Name of the Vulnerable Software and Affected Versions AR for WordPress versions prior to 8.41 Description An unauthenticated directory traversal flaw exists in the file handling logic of the plugin. The issue occurs when the public AJAX functionality accepts a user-controlled file parameter witho...

7.5CVSS6AI score0.00459EPSS
Exploits0References12
OSV
OSV
added 2026/07/02 5:13 p.m.8 views

GHSA-4M3V-Q747-PC6H OpenClaw: Mattermost slash token revocation could lag until monitor refresh

Summary Mattermost slash token revocation could lag until monitor refresh. In affected versions, a caller with an old Mattermost slash token during the refresh window could continue accepting the old token until the monitor refreshed. This advisory is scoped to the named feature and configuration...

6.3CVSS6AI score0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 4:36 p.m.7 views

GHSA-5PRR-V3J2-97MH Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Summary Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an...

6.3CVSS5.9AI score0.00331EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/18 3:2 p.m.10 views

CVE-2026-34356

A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie directives. This could lead to a denial of service DoS condition, making the server unavailable to legitimate users. Mitigation To...

7.5CVSS5.5AI score0.00682EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 11:2 p.m.7 views

GHSA-PMQW-72CG-WX85 n8n: Credential Exfiltration via Permission Bypass

Impact A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing i...

9.6CVSS6AI score0.00315EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 11:1 p.m.13 views

n8n: Denial of Service via ZIP decompression in webhook workflow

Impact The Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing the n8n process to...

7.5CVSS5.4AI score0.00375EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.10 views

CVE-2026-10731

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 10:16 a.m.15 views

CVE-2026-10731

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:57 a.m.36 views

CVE-2026-10731 SQL injection in Nemon products

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:57 a.m.20 views

CVE-2026-10731

CVE-2026-10731 describes a SQL injection flaw in the two_steps_auth_code parameter processed by the twoStepsAuthVerification function in the /user-login endpoint of Nemon products. The vulnerability allows unauthenticated attackers to execute arbitrary SQL on the backend database, potentially ena...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/06/09 1:45 a.m.31 views

curl: curl-ipv4-percent-normalization-SSRF

Summary: six or fewer sentences describing the issue in your own human voice and optionally a short proof-of-concept script Affected version Which curl/libcurl version are you using to reproduce? On which platform? curl -V typically generates good output to include Steps To Reproduce: add details...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-47729

SQL injection in the ‘two steps auth code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL...

9.3CVSS6AI score0.00349EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Nemon Trade Energy和Nemon Trade Energy CRM SQL注入漏洞

Nemon Trade Energy and Nemon Trade Energy CRM are both products of the Spanish company Nemon. Nemon Trade Energy is a platform for managing energy retail businesses. Nemon Trade Energy CRM is a platform for managing energy customer relationships. Both Nemon Trade Energy and Nemon Trade Energy CRM...

9.3CVSS6.3AI score0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 3:20 p.m.40 views

CVE-2026-49755

Technical details beyond what’s in the Initial Description are not provided in the connected documents. Monitor for updates for specifics on affected versions, root cause, and remediation.

8.2CVSS5.5AI score0.00438EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45548

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS5.4AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS5.5AI score0.10659EPSS
Exploits2References1
Fedora
Fedora
added 2026/06/05 4:9 a.m.13 views

[SECURITY] Fedora 43 Update: perl-ExtUtils-Builder-0.020-1.fc43

Writing extensions for various build tools can be a daunting task. This module tries to abstract steps of build processes into reusable building blocks for creating platform and build system agnostic executable descriptions of work...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
Rows per page
Query Builder