Lucene search
K

5190 matches found

Nuclei
Nuclei
added 7 hours ago21 views

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

9.8CVSS5.9AI score0.14608EPSS
Exploits10References2
Nuclei
Nuclei
added yesterday16 views

Web-Check < 2.0.1 Screenshot API - OS Command Injection

Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands, exploit requires sending crafted url parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...

9.3CVSS6.1AI score0.19761EPSS
Exploits4References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42056

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-14904

The CVE concerns AWS RES: an improper link resolution before file access (CWE-59) in Auth.GetUserPrivateKey could allow an authenticated remote user to substitute their SSH private key (~/.ssh/id_rsa) with a symlink and read arbitrary host files on the cluster-manager EC2 instance. Since the clus...

7.1CVSS6.2AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-53481

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory 'Path...

9.8CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-53479

Dell PowerProtect Data Domain is affected: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an OS command injection due to improper neutralization of special elements. A remote high-privileged attacker could exploit this to bypass pr...

7.2CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42040

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command...

7.2CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-53479

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command...

7.2CVSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-53481

Dell PowerProtect Data Domain is affected by a Path Traversal vulnerability (CVE-2026-53481) in versions 7.7.1.0–8.7, including LTS2026 (8.6.1.0–8.6.1.10), LTS2025 (8.3.1.0–8.3.1.30), and LTS2024 (7.13.1.0–7.13.1.70). An unauthenticated, remotely accessible attacker could exploit this to gain una...

9.8CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-53481

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory 'Path...

9.8CVSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-42036

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-53483

Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) by an improper authentication vulnerability. An unauthenticated attacker with remote access could exploit this to gain unauthorized access and take comp...

9.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-53483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-48828

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS0.00198EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-46587

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS5.9AI score0.00199EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-49042

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS5.9AI score0.00199EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2 days ago5 views

CVE-2026-49365

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.3CVSS0.00173EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

9.1CVSS0.0027EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

6.1AI score0.0027EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

6AI score0.00319EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder