Lucene search
K

49044 matches found

Nuclei
Nuclei
added 10 hours ago107 views

Adobe ColdFusion - Cross-Site Scripting

Adobe Coldfusion versions 2016 update 16 and earlier, 2018 update 10 and earlier and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code...

5.4CVSS6.7AI score0.37095EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago12 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7AI score0.00568EPSS
Exploits1References1
NVD
NVD
added 4 days ago7 views

CVE-2026-0281

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...

7.1CVSS0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-15164

A flaw was found in Wireshark, specifically within its ciscodump component. This vulnerability allows an attacker to trigger a crash, leading to a Denial of Service DoS. The issue can be exploited through user interaction, making the affected component unavailable...

5.5CVSS5.9AI score0.00097EPSS
Exploits1References5
NVD
NVD
added last week6 views

CVE-2026-48267

DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...

5.5CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-41920

DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...

5.5CVSS6AI score0.00139EPSS
Exploits0References1
NVD
NVD
added last week9 views

CVE-2026-48316

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.01396EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-48316 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS7.9AI score0.01396EPSS
Exploits0References1
CVE
CVE
added last week176 views

CVE-2026-48316

CVE-2026-48316 affects Adobe ColdFusion versions 2025.9, 2023.20 and earlier and is an Improper Input Validation vulnerability that could enable arbitrary code execution in the current user context without user interaction. Remediation: update to ColdFusion 2023 Update 21 or ColdFusion 2025 Updat...

10CVSS7.9AI score0.01396EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.5 views

PT-2026-55996

Name of the Vulnerable Software and Affected Versions DNG SDK versions 1.7.1 2536 and earlier Description A NULL Pointer Dereference occurs when the software attempts to read from a memory address that is NULL, causing the application to crash. This issue can lead to a denial-of-service condition...

5.5CVSS6.1AI score0.00139EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 4:17 a.m.5 views

CVE-2026-20463

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309...

6.7CVSS0.0011EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:17 a.m.7 views

CVE-2026-20462

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871...

6.7CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:17 a.m.5 views

CVE-2026-20459

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

5.3CVSS0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:17 a.m.6 views

CVE-2026-20458

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

7.5CVSS0.00204EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 3:33 a.m.7 views

EUVD-2026-40883

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer dn2024 and calls ReadStringdn, 2024. ReadString...

7.6CVSS6.1AI score0.00525EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:14 a.m.17 views

CVE-2026-20463

Technical details for CVE-2026-20463 are not publicly provided in the supplied documents. Monitor for updates from vendors and security bulletins.

6.7CVSS5.8AI score0.0011EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 3:14 a.m.6 views

EUVD-2026-40876

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309...

6.7CVSS5.8AI score0.0011EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 3:14 a.m.39 views

CVE-2026-20463

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309...

0.0011EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:14 a.m.19 views

CVE-2026-20462

Technical details about CVE-2026-20462 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins to obtain affected components, impact, and remediation specifics.

6.7CVSS6.1AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 3:14 a.m.37 views

CVE-2026-20462

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871...

0.00111EPSS
Exploits0References1
Rows per page
Query Builder