Lucene search
K

1231042 matches found

NVD
NVD
added 43 minutes ago4 views

CVE-2026-60094

Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked bodylen field to the agentlinkserver service. Attackers can craf...

6.9CVSS
Exploits0References3
NVD
NVD
added 43 minutes ago4 views

CVE-2026-12593

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS
Exploits0References1
NVD
NVD
added 43 minutes ago4 views

CVE-2026-12116

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

Exploits0References3
Github Security Blog
Github Security Blog
added 1 hour ago3 views

Admidio: CSRF on Plugin Install, Uninstall, and Update via Unprotected GET Requests

Summary The modules/plugins.php endpoint handles plugin installation, uninstallation, and update operations via GET requests without CSRF token validation. Because these are top-level navigations, browsers include SameSite=Lax session cookies. An attacker crafts a malicious page that, when an...

0.00013EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 1 hour ago3 views

Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

Summary CssParser::Parserreadremotefile and therefore loaduri!, and the @import-following branch of addblock! issues HTTP/HTTPS requests against any host, port and URI it is handed, with no scheme allowlist, no host / IP filtering, and no protection against link-local, loopback or RFC‑1918...

Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 1 hour ago3 views

Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser

Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the VALUE regex pattern in cssparser.py enters exponential...

Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 1 hour ago3 views

Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists

Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile or Beautiful Soup's .select / .selectone can caus...

Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 1 hour ago3 views

Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths

Impact In Phantom = 1.3.0, when PHANTOMOUTPUTDIR was unset the default, the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls e.g. an AI agent driving the MCP interface could write or overwrite arbitrary files the process user can write —...

8.2CVSS0.00504EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 1 hour ago3 views

pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager

Description: The EventManager module in pyload manages a list of Client instances for subscribing to events. The addition of each unique uuid from the getevents API causes the creation of a Client instance that gets appended to the clients list. Although there is a clean method available in the...

Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 1 hour ago3 views

pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs

Summary isglobaladdress in src/pyload/core/utils/web/check.py is the central guard against SSRF-style outbound connections in pyload-ng. It tests whether a given IP is "globally routable" via Python's ipaddress.ipaddressvalue.isglobal, and callers treat not isglobal as "deny": python def...

0.00039EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-60094 Vinchin Backup & Recovery 9.0.0.86562 Heap Buffer Overflow via agentlink_server

Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked bodylen field to the agentlinkserver service. Attackers can craf...

6.9CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 1 hour ago2 views

CVE-2026-60094

Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked bodylen field to the agentlinkserver service. Attackers can craf...

6.9CVSS
Exploits0References4
CVE
CVE
added 1 hour ago5 views

CVE-2026-60094

Vulnerability overview (CVE-2026-60094): Vinchin Backup & Recovery up to 9.0.0.86562 is affected by a heap buffer overflow in the agentlink_server. According to the records, an unauthenticated remote attacker can send a malformed TCP packet with an unchecked body_len field, passing an attacker-co...

6.9CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-12116 CVE-2026-12116

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-12116

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

Exploits0References4
CVE
CVE
added 2 hours ago6 views

CVE-2026-12116

CVE-2026-12116 affects Xerte Online Tools (Xerte Online Toolkits). The vulnerability allows remote code execution via the antivirus binary path in the tools server settings, which an attacker can misconfigure to point to a PHP interpreter, enabling uploaded PHP data to be executed on the server. ...

5.9AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42564

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score
Exploits0References14
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42569

A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client connects to a malicious RFB/VNC server that advertises a 16bpp framebuffer and sends Hextile-encoded updates, the Hextile background fill path writes 32-bit pixel values into a buffer allocated for 16-bit...

7.1CVSS6.2AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-12593

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-12593 Privilege escalation via forged API token creation in Axivion Dashboard OIDC/OAuth2/SSO subsystem

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS
Exploits0References1
Rows per page
Query Builder