Lucene search
K

133967 matches found

NVD
NVD
added 6 hours ago3 views

CVE-2026-22103

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS
Exploits0References1
NVD
NVD
added 6 hours ago3 views

CVE-2026-22095

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS
Exploits0References1
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-43305

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-43288

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 7 hours ago3 views

Malicious code in env-fast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9955128054ee66cd4675be3884e92f9e541ad7e9673496ece60e932c0b83ca5f [email protected] presents as a zero-dependency env loader but on require schedules a 72-hour-delayed activation that POSTs a host fingerprint hostname,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 7 hours ago4 views

Malicious code in type-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4db69b627def6f11a74d5948b91006a46a3c73d90081be6f19716133cfaafb The package presents itself as a pino-style logger README and keywords reference logging; index.js exports module.exports.pino = middleware, but the...

6.5AI score
Exploits0References3
NVD
NVD
added 7 hours ago4 views

CVE-2026-9571

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS
Exploits0References1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-22103 Command injection in NPC start web endpoint

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago2 views

CVE-2026-22103 Command injection in NPC start web endpoint

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added 7 hours ago4 views

CVE-2026-22103

CVE-2026-22103 : The NPC start endpoint on the web server listening at port 8090 is vulnerable to command injection. The public CVSS v4.0 metrics indicate a base score of 9.3 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction. Impacts are...

9.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-43333

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago2 views

CVE-2026-22102 Arbitrary file overwrite through certificate update functionality

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-22102 Arbitrary file overwrite through certificate update functionality

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS
Exploits0References1
CVE
CVE
added 7 hours ago4 views

CVE-2026-22102

CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...

9.3CVSS6.3AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-43329

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-22095 Command injection in diagnosis web endpoint

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-22095 Command injection in diagnosis web endpoint

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added 7 hours ago5 views

CVE-2026-22095

The CVE-2026-22095 entry describes a command injection vulnerability in the network diagnosis endpoint of a web server listening on port 8090. Details from connected sources confirm the affected component is the diagnosis endpoint (web server) and that exploitation would allow command execution w...

9.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago2 views

EUVD-2026-43326

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 8 hours ago19 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-pqc AWS Secrets Manager Key-Metadata Unsafe Deserializat...

9.8CVSS6.2AI score0.00691EPSS
Exploits1
Rows per page
Query Builder