Lucene search
K

2170 matches found

Nuclei
Nuclei
added yesterday37 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday32 views

ChurchCRM - API Authentication Bypass via URL Injection

ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...

9.1CVSS6.1AI score0.01351EPSS
Exploits0References1
Circl
Circl
added 3 days ago6 views

CVE-2026-15053

creationtimestamp| type| source ---|---|--- 2026-07-11 00:40:14+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdggv6z7c2c...

7.5CVSS6.1AI score0.00324EPSS
Exploits0References1
Circl
Circl
added 4 days ago8 views

CVE-2026-49866

creationtimestamp| type| source ---|---|--- 2026-07-10 16:41:48+00:00| seen| https://gist.github.com/alon710/9eaabfe8d7f17c883b344ecc760d4947 2026-07-10 18:35:05+00:00| published-proof-of-concept| https://github.com/libp2p/js-libp2p/security/advisories/GHSA-cwc9-cp4j-mcvv...

7.5CVSS6.1AI score0.00446EPSS
Exploits0References2
Veracode
Veracode
added 4 days ago5 views

Improper Input Validation

github.com/coder/coder is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of the scheme and host in external workspace application URLs before substituting the $SESSIONTOKEN placeholder, which allows an attacker controlling a malicious workspace templa...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References9Affected Software2
EUVD
EUVD
added 4 days ago16 views

EUVD-2026-34013

Tesla vulnerable to atom exhaustion via untrusted URL scheme...

8.2CVSS5.9AI score0.00301EPSS
Exploits0References5
Circl
Circl
added 5 days ago8 views

CVE-2026-15131

creationtimestamp| type| source ---|---|--- 2026-07-09 01:12:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq6hcdrdsr2g 2026-07-09 04:46:03+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260709...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-51598

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...

0.00177EPSS
Exploits0References1
Circl
Circl
added last week8 views

CVE-2026-48956

creationtimestamp| type| source ---|---|--- 2026-07-07 20:48:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3i3hz3pq27 2026-07-08 14:15:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mq5claiknt2n...

6.4CVSS5.9AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week9 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References7
EUVD
EUVD
added last week5 views

EUVD-2025-210439

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References6
Circl
Circl
added last week9 views

CVE-2021-20173

creationtimestamp| type| source ---|---|--- 2026-07-07 12:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq2kxfyzo62o...

8.8CVSS7.2AI score0.03199EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56238

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description A heap buffer underread exists in the clean metalink string function within src/metalink.c. This occurs when the software processes a Metalink document containing a URL consisting only of whitespac...

8.7CVSS6.1AI score0.00351EPSS
Exploits0References15
Circl
Circl
added 2026/07/06 9:42 p.m.7 views

GHSA-287W-MXQ6-X2CP

creationtimestamp| type| source ---|---|--- 2026-07-06 21:42:10+00:00| seen| https://gist.github.com/alon710/42394c2aa3975303824ce1e33bac787e...

5.9AI score
Exploits0References1
Circl
Circl
added 2026/07/06 4:15 p.m.8 views

CVE-2026-13698

creationtimestamp| type| source ---|---|--- 2026-07-06 16:15:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyifa6m562w 2026-07-09 16:02:50+00:00| seen| https://bsky.app/profile/bootintel.bsky.social/post/3mq7z2rkvbo2o...

7.5CVSS5.9AI score0.00549EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.9 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-914 Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks

scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6AI score0.0122EPSS
Exploits0References6
Circl
Circl
added 2026/07/06 6:10 a.m.7 views

CVE-2025-50493

creationtimestamp| type| source ---|---|--- 2026-07-06 06:10:18+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpxgkii2s32i...

7.5CVSS5.9AI score0.00315EPSS
Exploits0References1
Circl
Circl
added 2026/07/05 12:36 a.m.11 views

CVE-2026-14641

creationtimestamp| type| source ---|---|--- 2026-07-05 00:36:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpudh4j6re2d...

7.5CVSS7.1AI score0.00416EPSS
Exploits0References1
Circl
Circl
added 2026/07/04 12:51 p.m.14 views

GHSA-V8VC-CMF9-GG2C

creationtimestamp| type| source ---|---|--- 2026-07-04 12:51:30+00:00| seen| https://bsky.app/profile/selfhost.directory/post/3mpt3zzsn3f2w...

5.9AI score
Exploits0References1
Rows per page
Query Builder