Lucene search
K

1865 matches found

Nuclei
Nuclei
added yesterday81 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.9AI score0.142EPSS
Exploits4References3
NVD
NVD
added 5 days ago7 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS0.0034EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 5 days ago9 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score0.00836EPSS
Exploits5References2
OSV
OSV
added last week4 views

PYSEC-2026-1797 Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

7.1CVSS6.9AI score0.00294EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.33 views

CVE-2026-22555 Gitea organization forks can expose organization secrets without create permission

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS0.00304EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/30 7:50 p.m.5 views

WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability

Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions = 6.0.9.1...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-511 Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

9.8CVSS6AI score0.00741EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-510 Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

9.8CVSS6AI score0.00741EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.6 views

CVE-2026-57431

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-56045 WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 1:47 p.m.18 views

CVE-2026-13426

The Mattermost Go module github.com/mattermost/mattermost/server/public versions

5.4CVSS5.8AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-8705

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS0.00505EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51686

Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...

7.5CVSS6AI score0.00505EPSS
Exploits0References11
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.8 views

CVE-2026-46086 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46086 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.6 views

CVE-2026-46094 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46094 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.1CVSS6.5AI score0.00125EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.8 views

CVE-2026-45838 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-45838 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00114EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.8 views

CVE-2026-45842 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-45842 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.5AI score0.00114EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.11 views

CVE-2026-46294 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46294 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.00143EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.7 views

CVE-2026-46142 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46142 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00127EPSS
Exploits0
Rows per page
Query Builder