Lucene search
K

6405 matches found

Nuclei
Nuclei
added yesterday17 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

6.9CVSS6.1AI score0.00594EPSS
Exploits1References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43138

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
NVD
NVD
added 4 days ago8 views

CVE-2026-12685

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS0.00222EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42830

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS6AI score0.00222EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in fastify-addone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b9e477cff478ab071039c18c3adb6577a07cc1d82687b9e7d7cd2594dc9ddf The package presents itself as fastify-plugin name fastify-addone, repository/homepage/bugs fields point at fastify/fastify-plugin and copies that...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago12 views

Malicious code in @luminarycloudinternal/lcvis-st (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8dffb72c9f767cbd071bf482fce9acb1ff2283a4800b7862739348b7a89e24 Package @luminarycloudinternal/[email protected] is published to the public npm registry under an internal-looking scope with an artificially high...

5.9AI score
Exploits0References4
OSV
OSV
added last week4 views

PYSEC-2026-1452 Home Assistant does not correctly validate SSL for outgoing requests in core and used libs

Summary Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. Details In the past, aiohttp-session/request had the parameter verifyssl to control SSL certificate verification. This was a boolean value. In...

7CVSS6AI score0.00229EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 8:48 a.m.9 views

EUVD-2026-41860

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS0.00649EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:15 a.m.6 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References3
NVD
NVD
added 2026/07/03 3:16 a.m.9 views

CVE-2026-12960

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...

6CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 2:0 a.m.11 views

EUVD-2026-41482

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...

6CVSS5.8AI score0.00116EPSS
Exploits0References1
Circl
Circl
added 2026/07/01 2:51 a.m.8 views

CVE-2026-43704

creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:28+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:58+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:42+00:00| seen|...

5.3CVSS5.9AI score0.00218EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/01 1:22 a.m.13 views

[SECURITY] Fedora 43 Update: python-django-haystack-3.4.0-1.fc43

Haystack provides modular search for Django. It features a unified, familiar API that allows you to plug in different search backends such as Solr, Elasticsearch, Whoosh, Xapian, etc. without having to modify your code. Haystack is BSD licensed, plays nicely with third-party app without needing t...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-50110

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

9.3CVSS0.00128EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 9:37 a.m.32 views

CVE-2026-10763

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server...

7CVSS0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.25 views

PT-2026-54432

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Storage Concentrator SC & SCVM contains hardcoded credentials for various internal services within a configuration file. Although these credentials use encoding, the...

9.3CVSS5.8AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53829

Name of the Vulnerable Software and Affected Versions PROMOD V affected versions not specified Description PROMOD V uses insecure HTTP communication instead of HTTPS. This issue occurs because the third-party Digipede server does not support HTTPS, which allows data to be transmitted without...

7CVSS5.9AI score0.00347EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 9:11 a.m.16 views

MAL-2026-6592 Malicious code in maplibre-gl-vue3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a46347c152553bd008255683dd927e5f25233224d3c6f1df6ae87533350b5815 The package advertises itself as MapLibre GL bindings for Vue 3 and re-exports the upstream maplibre-gl API, but on import it unconditionally injects...

5.9AI score
Exploits0References4
Rows per page
Query Builder