Lucene search
+L

89146 matches found

EUVD
EUVD
added 2026/07/10 4:15 p.m.7 views

EUVD-2026-42945

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

5.3CVSS5.9AI score0.00255EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/10 3:0 p.m.33 views

CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS0.00256EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/10 2:45 p.m.8 views

CVE-2026-15373 Eleveo Call Recording Software userAddAction.do improper authorization

A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS6.5AI score0.00256EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/10 12:9 p.m.36 views

CVE-2026-54468

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files...

6.5CVSS0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 11:51 a.m.29 views

CVE-2026-56689

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:55 a.m.40 views

CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS0.00203EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:58 a.m.6 views

CVE-2026-21048

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits1References2
CVE
CVE
added 2026/07/10 4:58 a.m.7 views

CVE-2026-21045

CVE-2026-21045 : Out-of-bounds write in TIFF parsing inside libimagecodec.media.quram.so (before SMR Jul-2026 Release 1) could allow remote attackers to write memory outside allocated bounds. Affected component is the TIFF parser within the Qualcomm/Quram media stack (libimagecodec.media.quram.so...

8.3CVSS6AI score0.00379EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/07/10 3:12 a.m.4 views

SUSE CVE-2026-56374

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure...

3.3CVSS6.2AI score0.00157EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/10 2:0 a.m.9 views

EUVD-2026-42776

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 1:45 a.m.3 views

CVE-2026-15319 Sipeed PicoClaw Launcher access_control.go IPAllowlist access control

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

6.9CVSS6.4AI score0.00323EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.8 views

EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2026-2543)

According to the versions of the libssh2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file...

9.1CVSS6.9AI score0.00466EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:30 p.m.5 views

CVE-2026-15271

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185RT10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References13Affected Software7
CVE
CVE
added 2026/07/09 9:30 p.m.10 views

CVE-2026-15271

CVE-2026-15271 affects TOTOLINK models A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200. The issue concerns an unspecified functionality in the Web Interface component, specifically the file /etc/boa/boa.conf, where manipulation can lead to a least privilege violation . The attack ...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References12
NVD
NVD
added 2026/07/09 8:16 p.m.6 views

CVE-2026-15270

A weakness has been identified in D-link DIR-823G 1.0.2B0520181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The...

7.7CVSS0.00443EPSS
Exploits0References6
CVE
CVE
added 2026/07/09 5:45 p.m.15 views

CVE-2026-15204

TOTOLINK X5000R is affected by CVE-2026-15204. The OpenVPN Export feature (file /web/cgi-bin/cstecgi.cgi, function exportOvpn) is vulnerable to path traversal. The vulnerability can be exploited remotely. Details in connected records identify the affected product/version (9.1.0cu.2415_B20250515/9...

6.9CVSS6AI score0.00488EPSS
Exploits0References6
OSV
OSV
added 2026/07/09 5:15 p.m.3 views

CVE-2026-15195 apidevtools json-schema-ref-parser pointer.ts Pointer.set prototype pollution

A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/09 5:10 p.m.8 views

CVE-2026-13462

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS6AI score0.00229EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/09 2:30 p.m.4 views

CVE-2026-15187 enquirer Public Package API Enquirer.set prototype pollution

A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/09 12:46 a.m.3 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6.2AI score0.00813EPSS
Exploits0References8
Rows per page
Query Builder