
920047 matches found

Packet Storm News
added 2026/09/10 12:0 a.m. | 56 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8 AI score
Exploits: 0
NVD
added 40 minutes ago | 3 views

CVE-2026-14634

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY_Controller.php of the component Subscribed Emails Admin Page. Such manipulation...

5.3 CVSS
Exploits: 0 | References: 7
ATTACKERKB
added 1 hour ago | 2 views

CVE-2026-14634

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY_Controller.php of the component Subscribed Emails Admin Page. Such manipulation...

5.3 CVSS | 4.1 AI score
Exploits: 0 | References: 7
Cvelist
added 1 hour ago | 5 views

CVE-2026-14634 kirilkirkov Ecommerce-CodeIgniter-Bootstrap Subscribed Emails Admin MY_Controller.php checkForPostRequests cross site scripting

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY_Controller.php of the component Subscribed Emails Admin Page. Such manipulation...

5.3 CVSS
Exploits: 0 | References: 7
CVE
added 1 hour ago | 6 views

CVE-2026-14634

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY_Controller.php of the component Subscribed Emails Admin Page. Such manipulation...

5.3 CVSS | 4.1 AI score
Exploits: 0 | References: 7
EUVD
added 2 hours ago | 4 views

EUVD-2025-210427

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5 CVSS | 5.9 AI score
Exploits: 0 | References: 2
EUVD
added 2 hours ago | 5 views

EUVD-2026-41677

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1 CVSS | 4.9 AI score
Exploits: 0 | References: 8
NVD
added 2 hours ago | 5 views

CVE-2026-14630

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1 CVSS
Exploits: 0 | References: 7
GithubExploit
added 3 hours ago | 16 views

Exploit for CVE-2026-57517

Control Web Panel 0.9.8.1224 — Blind SQL Injection to Remot...

9.8 CVSS | 6.9 AI score | 0.00587 EPSS
Exploits: 2
CVE
added 3 hours ago | 7 views

CVE-2026-14630

ForceInjection AI-fundermentals 2.0/3.0 contains a vulnerability in the Memory Recall Handler: get_conversation_history (08_agentic_system/memory/langchain/code/smart_customer_service.py). The issue involves use of a weak hash, with remote exploitation possible but described as high complexity. E...

3.1 CVSS | 4.9 AI score
Exploits: 0 | References: 7
Cvelist
added 3 hours ago | 6 views

CVE-2026-14630 ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_history weak hash

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1 CVSS
Exploits: 0 | References: 7
ATTACKERKB
added 3 hours ago | 5 views

CVE-2026-14630

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1 CVSS | 4.9 AI score
Exploits: 0 | References: 7 | Affected Software: 1
OSSF Malicious Packages
added 4 hours ago | 5 views

Malicious code in vps-maintenance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 110b8556d612185c2c6ea84731898d4f23f04658556e1ff22852f953b956e43a The package.json postinstall script executes a Node one-liner that opens a TCP connection to the hardcoded IP 185.112.147.174 on port 7007 and spawns...

6.7 AI score
Exploits: 0 | References: 1
OSV
added 4 hours ago | 4 views

MAL-2026-6756 Malicious code in vps-maintenance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 110b8556d612185c2c6ea84731898d4f23f04658556e1ff22852f953b956e43a The package.json postinstall script executes a Node one-liner that opens a TCP connection to the hardcoded IP 185.112.147.174 on port 7007 and spawns...

6.7 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 4 hours ago | 6 views

Malicious code in paperclip2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fbcfc445b1a599943dac3ca0691633629c6804037b38fcf6113062f6add848 package.json declares a postinstall lifecycle script that runs node -e code opening a TCP connection to 185.112.147.174:7007 and piping the socket to...

6.5 AI score
Exploits: 0 | References: 1
OSV
added 4 hours ago | 4 views

MAL-2026-6755 Malicious code in paperclip2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fbcfc445b1a599943dac3ca0691633629c6804037b38fcf6113062f6add848 package.json declares a postinstall lifecycle script that runs node -e code opening a TCP connection to 185.112.147.174:7007 and piping the socket to...

6.5 AI score
Exploits: 0 | References: 1
NVD
added 4 hours ago | 4 views

CVE-2025-13475

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5 CVSS
Exploits: 0 | References: 1
GithubExploit
added 5 hours ago | 8 views

Exploit-Chain-Suggester

Exploit Chain Suggester v2.0.0 A CLI tool for penetration tes...

6.2 AI score
Exploits: 0
CVE
added 5 hours ago | 4 views

CVE-2025-13475

CVE-2025-13475 describes cross-tenant data exposure in multi-tenant deployments due to mis-isolation of consent scopes in the application consent management mechanism. A user’s consent for a SaaS application in one tenant could be incorrectly applied to similarly named applications in other tenan...

3.5 CVSS | 5.9 AI score
Exploits: 0 | References: 1
Cvelist
added 5 hours ago | 6 views

CVE-2025-13475 Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5 CVSS
Exploits: 0 | References: 1