Lucene search
K

3346 matches found

NVD
NVD
added yesterday2 views

CVE-2026-57727

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...

7.5CVSS0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-57724 WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.8CVSS0.00564EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-57382

CVE-2026-57382 is a reflected XSS vulnerability in the WordPress plugin Simple File List (version range: affected up to 6.3.8). The issue arises in the plugin’s web page generation and input handling, enabling a reflected cross-site scripting payload. CVSSv3.1 metrics indicate Network attack vect...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 2 days ago8 views

CVE-2026-61876

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS0.002EPSS
Exploits0References2
CVE
CVE
added 3 days ago14 views

CVE-2026-57828

The CVE-2026-57828 entry concerns the Joomla extension Phoca Downloads (Phoca.cz) with an authenticated arbitrary file upload vulnerability in the RSFiles component prior to 6.1.3. The issue allows registered users to upload executable files, enabling full remote code execution (RCE). The provide...

9CVSS6.1AI score0.00256EPSS
Exploits0References2
Metasploit
Metasploit
added 4 days ago22 views

FTP Fetch, Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/ftp/x86/upexec/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago28 views

FTP Fetch, Windows Upload/Execute, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/ftp/x86/upexec/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago15 views

FTP Fetch, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from an FTP server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago17 views

FTP Fetch, Windows Meterpreter Shell, Reverse TCP Inline (IPv6)

Fetch and execute an x86 payload from an FTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x86/meterpreterreverseipv6tcp msf payloadmeterpreterreverseipv6tcp show actions ...actions... msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago12 views

FTP Fetch, Linux Command Shell, Bind TCP Inline (IPv6)

Fetch and execute a x86 payload from an FTP server. Listen for a connection over IPv6 and spawn a command shell Module Options msf use payload/cmd/linux/ftp/x86/shellbindipv6tcp msf payloadshellbindipv6tcp show actions ...actions... msf payloadshellbindipv6tcp set ACTION msf payloadshellbindipv6t...

6.2AI score
Exploits0
NVD
NVD
added 4 days ago7 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15321 MyEMS Admin Backend svg.py on_post cross site scripting

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS0.0022EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-57164

Name of the Vulnerable Software and Affected Versions Lucee CFML Server versions 5.3.x Lucee CFML Server versions 6.1.x Lucee CFML Server versions 6.2.x Lucee CFML Server versions 7.0.x Description Reflected cross-site scripting occurs during URL path parsing, allowing unauthenticated remote...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References4
CVE
CVE
added 5 days ago9 views

CVE-2026-12598

CVE-2026-12598 affects the LoginPress Pro WordPress plugin (≤ 6.2.3) via the Spotify Social Login addon. The vulnerability arises because loginpress_on_spotify_login() trusts the unverified email from Spotify’s /v1/me endpoint and uses that email with get_user_by('email') to identify/login an exi...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00573EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated...

8.7CVSS6.1AI score0.00345EPSS
Exploits0References3
CVE
CVE
added 6 days ago22 views

CVE-2026-55470

CVE-2026-55470 affects the DSTU2 module of HAPI FHIR (org.hl7.fhir.dstu2) where FHIRPathEngine.matches() still uses raw String.matches(sw) with no RegexTimeout, enabling unauthenticated attackers to trigger catastrophic regex backtracking and exhaust CPU. The issue is resolved by upgrading to 6.9...

7.5CVSS5.9AI score0.00354EPSS
Exploits0References3
NVD
NVD
added 6 days ago15 views

CVE-2026-59937

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...

7.5CVSS0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59937 pypdf: Possible long runtimes for repeated malformed cross-reference entries

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...

6.9CVSS0.00345EPSS
Exploits0References4
Rows per page
Query Builder