Lucene search
K

2099 matches found

Packet Storm
Packet Storm
added 2026/04/10 12:0 a.m.74 views

📄 Jumbo Website Manager Shell Upload

Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manage version 1.3.7. Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL:...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.1 views

FreeBSD : Mozilla -- Incorrect boundary conditions (322bd409-33fb-11f1-8ac1-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 322bd409-33fb-11f1-8ac1-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2022554 reports: Incorrect boundary conditions in the...

8.8CVSS5.8AI score0.00304EPSS
Exploits0References3
Fedora
Fedora
added 2026/04/03 5:4 p.m.6 views

[SECURITY] Fedora 42 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

6AI score
Exploits0
EUVD
EUVD
added 2026/03/18 6:31 p.m.6 views

EUVD-2026-12887

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...

5.8AI score0.00114EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/18 5:41 p.m.23 views

CVE-2026-23256 net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...

0.00114EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/03/07 6:6 a.m.334 views

coruna

Coruna The leaked exploit toolkit for various iOS versions. E...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/03/06 11:4 a.m.34 views

CVE-2026-1468 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does not implement any protection against this type of attack. Al...

5.1CVSS0.00222EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/27 12:16 p.m.5 views

CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

9.8CVSS5.8AI score0.00352EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 11:35 a.m.7 views

CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

9.8CVSS5.9AI score0.00352EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/27 11:35 a.m.5 views

CVE-2026-24352 Session Fixation in PluXml CMS

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

4.8CVSS5.9AI score0.00352EPSS
Exploits0References4
OSV
OSV
added 2026/02/27 11:35 a.m.7 views

CVE-2026-24351 Stored XSS in PluXml CMS

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.1CVSS6AI score0.00177EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.6 views

PT-2026-22332

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

5.1CVSS6AI score0.00177EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.5 views

Mozilla Thunderbird < 140.8

The version of Thunderbird installed on the remote Windows host is prior to 140.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-17 advisory. - Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and...

10CVSS6.1AI score0.00604EPSS
Exploits0References38
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.5 views

Splunk Enterprise 9.2.0 < 9.2.11, 9.3.0 < 9.3.9, 9.4.0 < 9.4.7, 10.0.0 < 10.0.2 (SVD-2026-0203)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0203 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC...

6.8CVSS5.9AI score0.0031EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.5 views

ISC BIND 9.11.3-S1 < 9.18.38-S1 / 9.18.11-S1 < 9.18.38-S1 / 9.20.9-S1 < 9.20.11-S1 Vulnerability (cve-2025-40776)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40776 advisory. - A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning...

8.6CVSS5.6AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/05 11:7 a.m.6 views

CVE-2026-23797

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00268EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/05 11:7 a.m.28 views

CVE-2026-23797 Plaintext password display in Quick.Cart

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/28 3:18 p.m.8 views

CVE-2025-12386

Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...

6.9CVSS5.9AI score0.00653EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/27 11:57 a.m.7 views

CVE-2025-12387 Denial of Service in Pix-Link LV-WR21Q

A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...

6.9CVSS6AI score0.00659EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/27 11:57 a.m.32 views

CVE-2025-12387 Denial of Service in Pix-Link LV-WR21Q

A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...

6.9CVSS0.00659EPSS
Exploits0References3
Rows per page
Query Builder