133967 matches found
CVE-2026-22103
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22095
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
EUVD-2026-43305
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...
EUVD-2026-43288
The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...
Malicious code in env-fast (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9955128054ee66cd4675be3884e92f9e541ad7e9673496ece60e932c0b83ca5f [email protected] presents as a zero-dependency env loader but on require schedules a 72-hour-delayed activation that POSTs a host fingerprint hostname,...
Malicious code in type-context (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4db69b627def6f11a74d5948b91006a46a3c73d90081be6f19716133cfaafb The package presents itself as a pino-style logger README and keywords reference logging; index.js exports module.exports.pino = middleware, but the...
CVE-2026-9571
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...
CVE-2026-22103 Command injection in NPC start web endpoint
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22103 Command injection in NPC start web endpoint
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22103
CVE-2026-22103 : The NPC start endpoint on the web server listening at port 8090 is vulnerable to command injection. The public CVSS v4.0 metrics indicate a base score of 9.3 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction. Impacts are...
EUVD-2026-43333
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22102 Arbitrary file overwrite through certificate update functionality
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...
CVE-2026-22102 Arbitrary file overwrite through certificate update functionality
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...
CVE-2026-22102
CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...
EUVD-2026-43329
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...
CVE-2026-22095 Command injection in diagnosis web endpoint
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22095 Command injection in diagnosis web endpoint
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22095
The CVE-2026-22095 entry describes a command injection vulnerability in the network diagnosis endpoint of a web server listening on port 8090. Details from connected sources confirm the affected component is the diagnosis endpoint (web server) and that exploitation would allow command execution w...
EUVD-2026-43326
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-pqc AWS Secrets Manager Key-Metadata Unsafe Deserializat...