Lucene search
+L

255557 matches found

bdu_fstec
bdu_fstec
added yesterday29 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00412EPSS
Exploits0References11Affected Software9
attackerkb
attackerkb
added yesterday3 views

CVE-2026-46621

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...

9.1CVSS6.6AI score0.00473EPSS
Exploits0References6Affected Software1
euvd
euvd
added yesterday3 views

EUVD-2026-44959

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...

9.1CVSS6.6AI score0.00473EPSS
Exploits0References5
attackerkb
attackerkb
added yesterday3 views

CVE-2026-46562

Yamcs is a mission control framework. Prior to 5.12.7, the Nashorn ScriptEngine used to evaluate user-supplied JavaScript algorithm text in yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java was constructed without a ClassFilter, so a user with the...

9.8CVSS6.3AI score0.00562EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added yesterday10 views

CVE-2026-45695 Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS0.00109EPSS
Exploits0References4
ibm
ibm
added yesterday12 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.10 released on December 19, 2025 and IBM Datacap version 9.1.9 Interim Fix 008 released on June 15, 2026 Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: JMSSink in all versions of Log4j 1.x is vulnerable to...

9.8CVSS7.2AI score0.66537EPSS
Exploits1Affected Software1
cve
cve
added yesterday5 views

CVE-2026-14890

SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when...

9.1CVSS6.5AI score
Exploits0References3
cvelist
cvelist
added yesterday10 views

CVE-2026-14890 CVE-2026-14890

SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when...

Exploits0References2
nvd
nvd
added yesterday5 views

CVE-2023-49900

An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command...

9.8CVSS
Exploits0References1
cvelist
cvelist
added yesterday17 views

CVE-2023-49900 Origin Validation Error in X-Rite MA-T6

An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command...

9.8CVSS
Exploits0References1
cve
cve
added yesterday15 views

CVE-2023-49900

CVE-2023-49900 affects X-Rite MAT 6 Kohinoor embedded spectrophotometer software. The issue is an origin validation error caused by incorrectly sanitized input in the SetParameter command, enabling an unauthenticated remote attacker to achieve remote code execution. The CVSS 3.1 vector is Network...

9.8CVSS7.2AI score
Exploits0References1
nuclei
nuclei
added yesterday27 views

CentOS Web Panel - OS Command Injection

The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. id: CVE-2021-31324 info: name: CentOS Web Panel - OS Command Injection author: ritikchaddha severity: critical description: | The unprivileged user portal...

10CVSS7.1AI score0.34062EPSS
Exploits1References2
nuclei
nuclei
added yesterday29 views

FasterXML jackson-databind - Deserialization Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...

9.8CVSS7.3AI score0.18671EPSS
Exploits0References3
nuclei
nuclei
added yesterday112 views

Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute code on t...

8.3CVSS7.3AI score0.12392EPSS
Exploits1References3
nuclei
nuclei
added yesterday332 views

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...

8.3CVSS7.1AI score0.94721EPSS
Exploits1References2
nuclei
nuclei
added yesterday20 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.6AI score0.83214EPSS
Exploits4References5
nuclei
nuclei
added yesterday61 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.5AI score0.83214EPSS
Exploits4References5
nuclei
nuclei
added yesterday171 views

SCIMono <0.0.19 - Remote Code Execution

SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and execute java expressions and compromise the availability and integrity of the system. id: CVE-2021-21479 info: name: SCIMono 0.0.19 - Remote Code Execution author: dwisiswant0 severit...

9.1CVSS7.4AI score0.10116EPSS
Exploits0References5
nuclei
nuclei
added yesterday37 views

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 contains a remote code execution caused by unauthenticated access via T3, IIOP, letting attackers take over the server, exploit requires network access. id: CVE-2021-2135 info: name: Oracle WebLogic Server - Remote Code Execution author:...

9.8CVSS7.3AI score0.0837EPSS
Exploits1References2
nuclei
nuclei
added yesterday15 views

Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...

9.1CVSS7.1AI score0.03946EPSS
Exploits2References2
Rows per page
Query Builder