Lucene search
K

361188 matches found

Ivanti
Ivanti
added 2026/12/05 2:3 p.m.24 views

May 2026 Security Advisory Ivanti Virtual Traffic Manager (vTM) (CVE-2026-8051)

Summary Ivanti has released updates for Ivanti Virtual Traffic Manager which addresses one High severity vulnerability. Successful exploitation could lead to admin authenticated remote code execution. We are not aware of any customers being exploited by this vulnerability at the time of disclosur...

7.2CVSS6.1AI score0.01914EPSS
Exploits0
Ivanti
Ivanti
added 2026/12/05 2:2 p.m.38 views

May 2026 Security Advisory Ivanti Secure Access Client (CVE-2026-7431, CVE-2026-7432)

Update 22 May: CVE-2026-8992 has been added to Vulnerability Details Summary Ivanti has released updates for the Ivanti Secure Access Client which addresses one medium severity vulnerability and two High severity vulnerabilities. We are not aware of any customers being exploited by these...

8.8CVSS6.2AI score0.00564EPSS
Exploits0
Ivanti
Ivanti
added 2026/12/05 2:0 p.m.23 views

Security Advisory - Ivanti Xtraction (CVE-2026-8043)

Summary Ivanti has released an update for Ivanti Xtraction which addresses one Critical severity vulnerability. Successful exploitation could lead to sensitive information disclosure and client-side attacks. We are not aware of any customers being exploited by this vulnerability at the time of...

9.6CVSS5.9AI score0.00869EPSS
Exploits0
Ivanti
Ivanti
added 2026/12/05 1:59 p.m.32 views

Security Advisory Ivanti Endpoint Manager (EPM) May 2026

Security Advisory Ivanti Endpoint Manager EPM CVE-2026-8109, CVE-2026-8110, CVE-2026-811 Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one Medium severity and two High severity vulnerabilities. Successful exploitation could lead to information disclosure, privile...

8.8CVSS6.3AI score0.00883EPSS
Exploits0
Ivanti
Ivanti
added 2026/10/03 9:26 a.m.36 views

Security Advisory Ivanti DSM (CVE-2026-3483)

Security Advisory Ivanti DSM CVE-2026-3483 Summary Ivanti has released an update for Ivanti Desktop and Server Management DSM which addresses one high severity vulnerability. Successful exploitation could allow an attacker to elevate their local privileges. We are not aware of any customers being...

7.8CVSS5.8AI score0.00397EPSS
Exploits0
Ivanti
Ivanti
added 2026/09/06 1:58 p.m.19 views

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-10727)

Update 11 June: FAQ Updated Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details CVE Number | Descriptio...

7.2CVSS6.1AI score0.01634EPSS
Exploits0
Ivanti
Ivanti
added 2026/09/02 8:55 p.m.35 views

Security Advisory EPM February 2026 for EPM 2024

Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...

8.6CVSS6.4AI score0.81089EPSS
Exploits0
The Hacker News
The Hacker News
added 49 minutes ago2 views

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address fr...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 1 hour ago5 views

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested mor...

6.1AI score
Exploits0
CVE
CVE
added 2 hours ago3 views

CVE-2026-6382 Multiple elFinder Plugins - Authenticated OS Command Injection

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

6AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

Exploits0References1
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-6382 Multiple elFinder Plugins - Authenticated OS Command Injection

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

Exploits0References1
CVE
CVE
added 2 hours ago3 views

CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 3 hours ago2 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.6AI score0.00426EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 hours ago2 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.6AI score0.00426EPSS
Exploits0References5
F5 Networks
F5 Networks
added 7 hours ago2 views

K000162085: Spring Data MongoDB vulnerability CVE-2026-41717

Security Advisory Description Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions...

8.1CVSS5.9AI score0.00328EPSS
Exploits0
GithubExploit
GithubExploit
added yesterday22 views

Exploit for CVE-2026-9290

CVE-2026-9290 — WP User Manager LFI to RCE Exploit Pre-Auth Path...

7.5CVSS6AI score0.02403EPSS
Exploits1
NVD
NVD
added yesterday5 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-41777

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score
Exploits0References6
Cvelist
Cvelist
added yesterday11 views

CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS
Exploits0References6
Rows per page
Query Builder