Lucene search
+L

255876 matches found

CVE
CVE
added 3 hours ago5 views

CVE-2026-47870

CVE-2026-47870 affects VMware Avi Load Balancer. A malicious authenticated user with network access can potentially execute remote code due to a privilege-escalation flaw. Affected versions and fixes shown in public records: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30...

7.1CVSS5.5AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-45365

VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated user with network access may be able to execute remote code. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7 22.1.1 through...

7.1CVSS5.5AI score
Exploits0References1
CVE
CVE
added 3 hours ago8 views

CVE-2026-47869

CVE-2026-47869 describes a remote code execution flaw in VMware Avi Load Balancer. An authenticated user with network access can inject and execute code. Affected versions and fixed releases: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30.2.6 (fixed in 30.2.7); 22.1.1–22...

8.7CVSS6.3AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-45364

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject and execute code. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7 22.1.1...

8.7CVSS6.3AI score
Exploits0References1
CVE
CVE
added 3 hours ago6 views

CVE-2026-47867

CVE-2026-47867 describes a remote code execution vulnerability in VMware Avi Load Balancer. The issue allows an unauthenticated or authenticated (network-access) attacker to execute code on the Avi Control Plane through the network, with a base CVSSv3.1 score of 8.7 (HIGH) and impact on confident...

8.7CVSS6.4AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-45362

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in...

8.7CVSS6.3AI score
Exploits0References1
Nuclei
Nuclei
added 3 hours ago32 views

Qwik - Unauthenticated RCE via server$ Deserialization

Qwik =1.19.0 contains an insecure deserialization vulnerability in the server$ RPC mechanism, letting unauthenticated attackers execute arbitrary code remotely, exploit requires require availability at runtime. id: CVE-2026-27971 info: name: Qwik - Unauthenticated RCE via server$ Deserialization...

9.8CVSS5.9AI score0.04632EPSS
Exploits0References2
Nuclei
Nuclei
added 3 hours ago18 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS5.8AI score0.3436EPSS
Exploits2References3
Nuclei
Nuclei
added 3 hours ago117 views

OpenCode < 1.0.216 - Unauthenticated Remote Code Execution

OpenCode versions prior to 1.0.216 contain an unauthenticated remote code execution vulnerability. The application exposes session and shell execution endpoints without proper authentication, allowing remote attackers to create sessions and execute arbitrary shell commands on the underlying serve...

8.8CVSS9.5AI score0.16955EPSS
Exploits7References2
Nuclei
Nuclei
added 3 hours ago45 views

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS5.6AI score0.02503EPSS
Exploits3References3
Nuclei
Nuclei
added 3 hours ago46 views

Sangfor OSM - Arbitrary File Upload

Sangfor Operation and Maintenance Management System = 3.0.8 contains an unrestricted file upload vulnerability caused by manipulation of the "File" argument in /fort/trust/version/common/common.jsp, letting remote attackers upload arbitrary files, exploit requires no special privileges. id:...

9.8CVSS7.3AI score0.01907EPSS
Exploits1References2
Nuclei
Nuclei
added 3 hours ago36 views

ICTBroadcast - Command Injection

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...

9.3CVSS8.2AI score0.05991EPSS
Exploits3References2
Nuclei
Nuclei
added 3 hours ago29 views

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

9.8CVSS9.5AI score0.10371EPSS
Exploits8References3
Nuclei
Nuclei
added 3 hours ago10 views

SPIP Saisies - Remote Code Execution

SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution caused by an unspecified flaw, letting attackers execute arbitrary code on the server, exploit requires no special conditions. id: CVE-2025-71243 info: name: SPIP Saisies - Remote Code Execution author: omarkurt severity:...

9.8CVSS6.8AI score0.05126EPSS
Exploits5References4
Nuclei
Nuclei
added 3 hours ago23 views

WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload

Slider Future WordPress plugin = 1.0.5 contains an unrestricted file upload vulnerability caused by missing file type validation in 'sliderfuturehandleimageupload', letting unauthenticated attackers upload arbitrary files, exploit requires no authentication. id: CVE-2026-1405 info: name: WordPres...

9.8CVSS5.4AI score0.03177EPSS
Exploits2
Nuclei
Nuclei
added 3 hours ago20 views

WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

WPvivid Backup & Migration plugin for WordPress = 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code executi...

9.8CVSS9.3AI score0.32714EPSS
Exploits13References4
Nuclei
Nuclei
added 3 hours ago18 views

WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

10CVSS6.6AI score0.03315EPSS
Exploits1References3
Nuclei
Nuclei
added 3 hours ago82 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS7AI score0.142EPSS
Exploits4References3
Nuclei
Nuclei
added 3 hours ago24 views

Nginx UI - Broken Access Control

Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover. id: CVE-2026-33032 info: name: Nginx UI - Broken Access Control author: DhiyaneshDk severity: critical description: | Network attackers can fully control ngi...

9.8CVSS8.6AI score0.38477EPSS
Exploits4References3
Nuclei
Nuclei
added 3 hours ago70 views

Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

9.8CVSS6.7AI score0.05289EPSS
Exploits0References2
Rows per page
Query Builder