Lucene search
K

330 matches found

Nuclei
Nuclei
added yesterday356 views

Hikvision IP ping.php - Command Execution

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

9.8CVSS6.5AI score0.89138EPSS
Exploits2References5
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 5:16 p.m.9 views

CVE-2026-14620

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS0.00116EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.3 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

DEBIAN-CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS5.9AI score0.00844EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/26 11:32 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 4:32 p.m.3 views

GHSA-PR7J-96CJ-549H Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API

Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API. It was discovered that the API response /api/plugins.json and related endpoints unintentionally includes internal instance variables of loaded plugins. If any plugins store sensitive...

7.5CVSS5.8AI score0.00482EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:1 a.m.11 views

CVE-2026-46751

CVE-2026-46751 affects Apache Kvrocks (2.2.0–2.15.0). The root cause is that Kvrocks does not remove the unsafe loadstring function from its Lua sandbox, enabling a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of...

5.5CVSS5.8AI score0.00324EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.12 views

Astra Linux – Vulnerability in libssh

A vulnerability has been identified in libssh up to version 0.11.3. The affected element is the function sftpextensionsgetname/sftpextensionsgetdata in the file src/sftp.c of the SFTP Extension Name Handler component. Performing operations on the argument idx can lead to out-of-bounds read...

7.5CVSS6AI score0.00631EPSS
Exploits0References3
Debian
Debian
added 2026/06/21 5:43 p.m.6 views

[SECURITY] [DSA 6360-1] squid security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6360-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2026 https://www.debian.org/security/faq -...

9.2CVSS5.8AI score0.08942EPSS
Exploits1
Snyk
Snyk
added 2026/06/18 6:35 p.m.7 views

Unsafe Dependency Resolution

Overview @theia/ai-editor is a Theia - AI Editor Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted prompt...

8.8CVSS6.1AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 6:35 p.m.7 views

Unsafe Dependency Resolution

Overview @theia/ai-chat-ui is a Theia - AI Chat UI Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing...

8.8CVSS6.1AI score0.00272EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 3:5 p.m.6 views

GHSA-CF98-J28V-49V6 OpenFGA Improper Policy Enforcement

Description In OpenFGA, when MySQL is being used as the datastore, two distinct check requests can return the same response. Preconditions This applies if the following preconditions are met: 1. You run OpenFGA with MySQL as the datastore 2. Your authorization decisions rely on case-sensitive use...

2.1CVSS5.4AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:9 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handling of token scope restrictions in the /api/v1/user route group. An attacker can gain unauthorized access to or modify private account resources by using a token or OAuth grant marked as public-only,...

8.6CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:20 p.m.12 views

Buffer Overflow

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Buffer Overflow in the Buffer API. An attacker can cause application crashes or trigger incorrect memory allocations by...

9.8CVSS5.9AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.10 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.5AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.5AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 5:16 a.m.11 views

UBUNTU-CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS4.6AI score0.00124EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

TencentOS Server 4: storm (TSSA-2026:0414)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0414 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS5.5AI score0.00286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-40914

A flaw was found in Apache ActiveMQ Artemis. An authenticated user, with existing permissions to send or consume messages via the STOMP protocol, could bypass intended access controls. This vulnerability allows the user to modify the routing-type of an address, even without the necessary...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References4
Rows per page
Query Builder