Lucene search
K

318 matches found

NVD
NVD
added 11 hours ago3 views

CVE-2026-13014

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS
Exploits0References1
Nuclei
Nuclei
added 17 hours ago48 views

DocsGPT - Unauthenticated Remote Code Execution

A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.This issue affects DocsGPT- from 0.8.1 through 0.12.0. id:...

9.3CVSS7.2AI score0.15099EPSS
Exploits3References3
Github Security Blog
Github Security Blog
added 2026/07/02 8:17 p.m.24 views

9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

9.8CVSS5.9AI score0.01372EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.34 views

CVE-2026-57623 WordPress W3 Total Cache plugin <= 2.9.4 - Arbitrary Code Execution vulnerability

Unauthenticated Arbitrary Code Execution in W3 Total Cache = 2.9.4 versions...

9CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 8:54 p.m.26 views

CVE-2026-53576

Kestra prior to versions 1.0.45 and 1.3.21 contained an authentication filter bypass on the REST API. Requests whose path ends in /configs were treated as the public instance-config endpoint and forwarded without credential checks, allowing anonymous access to resources such as /api/v1/{tenant}/f...

10CVSS5.8AI score0.00472EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 1:37 p.m.38 views

CVE-2026-12537 Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 1:22 p.m.9 views

EUVD-2026-38245

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...

10CVSS6.4AI score0.00502EPSS
Exploits0References1
NVD
NVD
added 2026/06/20 1:16 p.m.15 views

CVE-2026-48909

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS0.02726EPSS
Exploits4References1
The Hacker News
The Hacker News
added 2026/06/17 5:50 a.m.14 views

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor JCE to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

10CVSS6.2AI score0.80425EPSS
Exploits19
Cvelist
Cvelist
added 2026/06/12 8:0 p.m.32 views

CVE-2026-42851 @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS0.00164EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:55 a.m.7 views

CVE-2023-54352

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

9.8CVSS6.7AI score0.00613EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45723

Name of the Vulnerable Software and Affected Versions Wirtualna Uczelnia versions prior to wu2016.437.295020260327 105545 Description Server-Side Template Injection SSTI occurs when an unauthenticated attacker injects arbitrary template expressions into the server, which are then executed. This...

9.3CVSS6AI score0.00557EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 5:9 p.m.17 views

EUVD-2026-33717

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.2CVSS6.7AI score0.01104EPSS
Exploits1References3
OSV
OSV
added 2026/05/26 12:34 p.m.11 views

SUSE-SU-2026:2071-1 Security update for samba

This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server bsc1261160. - CVE-2026-4408: Remote Code Execution in SAMR bsc1261163. - CVE-2026-4480: Unauthenticated...

9.8CVSS5.8AI score0.12797EPSS
Exploits9References10
Vulnrichment
Vulnrichment
added 2026/05/21 4:27 a.m.12 views

CVE-2026-6279 Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS6.3AI score0.02163EPSS
Exploits4References12
GithubExploit
GithubExploit
added 2026/05/20 7:47 a.m.115 views

POCs

----- Summary - This is a POC for CVE-2026-34234 https://cve...

10CVSS5.8AI score0.00821EPSS
Exploits2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in libjackson-json-java

A deserialization flaw was discovered in the Jackson-Databind library, in versions prior to 2.6.7.1, 2.7.9.1, and 2.8.9. This flaw could allow an unauthenticated user to execute arbitrary code by sending maliciously crafted input to the readValue method of the ObjectMapper...

9.8CVSS7.2AI score0.37925EPSS
Exploits7References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.14 views

Astra Linux – Vulnerability in Jackson-Databind

A deserialization flaw was discovered in Jackson-Databind through version 2.9.10.4. This flaw could allow unauthenticated users to execute code via Ignite-JTA or Quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and...

8.1CVSS7.1AI score0.03301EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References2
ICS
ICS
added 2026/05/19 6:0 a.m.26 views

ScadaBR

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...

6.3AI score
Exploits0References13
Rows per page
Query Builder