Lucene search
K

67343 matches found

Cvelist
Cvelist
added 10 hours ago4 views

CVE-2026-61464 ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corruption and denial of service...

1.8CVSS
Exploits0References2
NVD
NVD
added 14 hours ago7 views

CVE-2026-15583

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud...

8.6CVSS
Exploits0References1
CVE
CVE
added 14 hours ago17 views

CVE-2026-15583

Grafana MCP Server is affected by CVE-2026-15583, a confusion-deputy vulnerability that allows an unauthenticated remote attacker to exfiltrate the server’s Grafana service-account token and perform SSRF via a crafted X-Grafana-URL header. The flaw enables targeting internal services, including c...

8.6CVSS6.2AI score
Exploits0References1
OSV
OSV
added 15 hours ago3 views

MAL-2026-10665 Malicious code in @fhkry/x-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...

6.1AI score
Exploits0References9
Nuclei
Nuclei
added 17 hours ago23 views

MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal

MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...

7.5CVSS7.1AI score0.03625EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago31 views

LumisXP - Cross-site Scripting

A cross-site scripting XSS vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter. id: CVE-2024-33326 info: name: LumisXP - Cross-site Scripting author: 0xr2r severity: medium...

6.1CVSS6.2AI score0.0081EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago95 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.7AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added 17 hours ago79 views

Traefik - Open Redirect

Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-15129 info: name:...

6.1CVSS6.2AI score0.08011EPSS
Exploits0References5
Nuclei
Nuclei
added 17 hours ago26 views

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

7.5CVSS6.2AI score0.14847EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago54 views

Limit Login Attempts WordPress - Stored Cross-site Scripting

Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...

6.1CVSS6.4AI score0.01595EPSS
Exploits2References2
NVD
NVD
added yesterday7 views

CVE-2026-56451

A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...

10CVSS0.00384EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43650

A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...

10CVSS7AI score0.00384EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-56451

A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...

10CVSS0.00384EPSS
Exploits0References1
CVE
CVE
added yesterday21 views

CVE-2026-56451

Opcenter X (all versions

10CVSS6.1AI score0.00384EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday7 views

CVE-2026-9561

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS6.1AI score0.00204EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added yesterday84 views

NetAlert X - Arbitary File Read

A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18 - v24.9.12. id: CVE-2024-48766 info: name: NetAlert X - Arbitary File Read author: s4e-io severity: critical description: | A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18...

8.6CVSS6.9AI score0.68616EPSS
Exploits1References3
NVD
NVD
added 2 days ago4 views

CVE-2026-39042

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

7.5CVSS0.00204EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2 days ago6 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

7.8CVSS6.2AI score0.00157EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2 days ago3 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key types due to unchecked shift levels

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...

7.8CVSS7.1AI score0.00161EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2 days ago4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS6.8AI score0.0014EPSS
Exploits0References7
Rows per page
Query Builder