Lucene search
K

435190 matches found

NVD
NVD
added 1 hour ago3 views

CVE-2026-14495

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS
Exploits0References5
CVE
CVE
added 2 hours ago7 views

CVE-2026-14495

CVE-2026-14495 affects DoLogin Security for WordPress up to version 4.3. The issue is an authentication bypass caused by insufficient randomness in the dologin token: the PRNG is seeded with mt_srand((double) microtime() * 1000000), discarding the integer-seconds and giving ~10^6 seeds (~20 bits ...

8.8CVSS5.9AI score
Exploits0References5
Cvelist
Cvelist
added 2 hours ago9 views

CVE-2026-14495 DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS
Exploits0References5
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42167

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS5.9AI score
Exploits0References5
The Hacker News
The Hacker News
added 2 hours ago6 views

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 CVSS score: 10.0 - A path traversal vulnerability i...

10CVSS8.2AI score0.01021EPSS
Exploits13
GithubExploit
GithubExploit
added 4 hours ago12 views

nmap-enumeration-lab

Network Scanning & Host Enumeration with Nmap Host discovery,...

10CVSS6AI score0.96184EPSS
Exploits50
Fedora
Fedora
added 6 hours ago3 views

[SECURITY] Fedora 43 Update: perl-IO-Compress-2.221-1.fc43

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS5.9AI score0.00373EPSS
Exploits3
GithubExploit
GithubExploit
added 7 hours ago18 views

Exploit for CVE-2026-49777

!AMN SECURITYhttps://img.shields.io/badge/AMN-SECURITY-000000...

10CVSS6.2AI score0.01656EPSS
Exploits3
GithubExploit
GithubExploit
added 7 hours ago17 views

Exploit for CVE-2026-8206

🛡️ AMN SECURITY 🛡️ !CVE-2026-8206https://img.shields.io/ba...

9.8CVSS5.9AI score0.0126EPSS
Exploits5
Amazon
Amazon
added 8 hours ago2 views

Medium: qt5-qt3d

Issue Overview: A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possib...

5.3CVSS5.2AI score0.00115EPSS
Exploits0
Amazon
Amazon
added 8 hours ago2 views

Medium: opensc

Issue Overview: A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The...

5.1CVSS5.5AI score0.00296EPSS
Exploits0
Positive Technologies
Positive Technologies
added 8 hours ago4 views

PT-2026-56322

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologins::rrand seeds the Mersenne Twister with mt sranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS5.9AI score
Exploits0References6
GithubExploit
GithubExploit
added yesterday20 views

Exploit for Command Injection in Litellm

─── CVE-2026-42271 ─── 🛡️ AMN SECURITY 🛡️ مركز أ...

8.8CVSS6.5AI score0.80188EPSS
Exploits2
GithubExploit
GithubExploit
added yesterday18 views

Exploit for Deserialization of Untrusted Data in Microsoft

─── CVE-2026-45659 ─── 🏴 AMN SECURITY 🏴 مركز أب...

8.8CVSS6.7AI score0.03219EPSS
Exploits4
GithubExploit
GithubExploit
added yesterday20 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

─── CVE-2026-8451 ─── 🏴 AMN SECURITY 🏴 مركز أبح...

8.8CVSS6AI score0.00502EPSS
Exploits1
Github Security Blog
Github Security Blog
added yesterday5 views

Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise

Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...

6.4AI score
Exploits0References2Affected Software1
OSV
OSV
added yesterday5 views

GHSA-4G5X-HCWM-82JW Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise

Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...

7.7CVSS6.4AI score
Exploits0References2
OSV
OSV
added yesterday3 views

GHSA-CWV4-H3J5-W3CF rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path

Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...

3.7CVSS6.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday4 views

rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path

Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...

6.5AI score
Exploits0References3Affected Software1
NVD
NVD
added yesterday2 views

CVE-2026-55078

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS
Exploits0References6
Rows per page
Query Builder