Lucene search
+L

20429 matches found

Nuclei
Nuclei
added yesterday113 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1CVSS6.9AI score0.0302EPSS
Exploits1References3
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45182

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...

7.2CVSS5.3AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45181

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

6.1CVSS5.3AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 2 days ago9 views

CVE-2026-51082

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 PVE 9.x and before 5.3.4 PVE 8.x allows an attacker with...

7.2CVSS0.00221EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

6.5CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 2 days ago11 views

CVE-2026-51081

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

6.1CVSS0.00149EPSS
Exploits0References1
Veracode
Veracode
added 2 days ago8 views

Improper Access Control

github.com/julien040/anyquery is vulnerable to Improper Access Control. The vulnerability is due to missing input sanitization and insufficient access control over the built-in SQLite virtual table modules, which allows an unauthenticated attacker to create virtual tables that reference arbitrary...

5.5AI score
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2 days ago6 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.2AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago8 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

8.8CVSS7.6AI score0.0012EPSS
Exploits5References6
Veracode
Veracode
added 2 days ago6 views

Server-Side Request Forgery (SSRF)

github.com/julien040/anyquery, is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the server mode not restricting outbound HTTP requests initiated by its built-in SQLite virtual table modules such as jsonreader and logreader, which allows an unauthenticated attacker to...

5.3AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-51081

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago14 views

PT-2026-60772

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.3AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-51082

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 PVE 9.x and before 5.3.4 PVE 8.x allows an attacker with...

0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-60774

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago7 views

CVE-2026-51081

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-51083

Proxmox VE is affected: incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users with limited privileges to obtain hashed passwords via the cloudinit/dump API. The root cause is an access-control issue in the cloudinit/dump endpo...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago10 views

PT-2026-60773

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...

5.3AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-53412

CVE-2026-53412 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The root cause is improper input validation, allowing an unauthenticated, network-remote attacker to take over an account. Impact is high (CVE-2026-53412 CVSS v3.1: 9.8, CRITICAL...

9.8CVSS6.2AI score0.00508EPSS
Exploits0References1
Rows per page
Query Builder