Lucene search
K

3925 matches found

Nuclei
Nuclei
added 9 hours ago18 views

KevinLAB BEMS (Building Energy Management System) - Backdoor Account

KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...

9CVSS6.9AI score0.06719EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago11 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.1AI score0.0203EPSS
Exploits1References3
NVD
NVD
added 4 days ago7 views

CVE-2026-31981

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-47840

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS0.00132EPSS
Exploits0References1
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1688 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

Impact A Nautobot user with admin privileges can modify the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages or specifically on...

7.5CVSS5.9AI score0.00606EPSS
Exploits1References9
NOZOMI
NOZOMI
added 6 days ago5 views

HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

Summary A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. Impact An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data throug...

5.9CVSS5.9AI score0.00142EPSS
Exploits0Affected Software2
NVD
NVD
added last week9 views

CVE-2025-53828

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added last week15 views

CVE-2025-53829

ownCloud 10 before 10.15.3 is vulnerable to a path traversal flaw that an administrator can exploit to execute arbitrary code. The CVE-2025-53829 entry notes a patch is available in version 10.15.3 or later. CVSS v3.1 score is 8.0 (HIGH) with network attack vector, high complexity, required privi...

8CVSS6.2AI score0.00335EPSS
Exploits0References1
CVE
CVE
added last week16 views

CVE-2025-53828

CVE-2025-53828 describes a SSRF vulnerability in SharePoint for ownCloud prior to 0.4.1 (affecting ownCloud 10 prior to 10.15.3). An attacker with administrative privileges can trigger SSRF to execute arbitrary code on the system. The fixed version is SharePoint for ownCloud 0.4.1, delivered with...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added last week47 views

CVE-2025-53828 SharePoint for ownCloud 10 is vulnerable to Server-Side Request Forgery (SSRF)

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added last week14 views

CVE-2025-53827

ownCloud Core Updater on versions prior to 10.15.3 exposes a dangerous method/function. Attackers with administrative privileges may leverage it to execute arbitrary code. The issue is fixed in 10.15.3 (CVSSv3.1: 9.1, CRITICAL; network, high impact on confidentiality, integrity, and availability).

9.1CVSS6.1AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55939

Name of the Vulnerable Software and Affected Versions SharePoint for ownCloud versions prior to 0.4.1 ownCloud 10 versions prior to 10.15.3 Description An attacker with administrative privileges can exploit a Server-Side Request Forgery SSRF in the SharePoint app to execute arbitrary code on the...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55940

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 10.15.3 Description An attacker with administrative privileges can exploit a path traversal issue to execute arbitrary code. Path traversal is a flaw that allows an attacker to access files and directories that are...

8CVSS6.3AI score0.00335EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 5:17 p.m.9 views

CVE-2026-8699

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 4:52 p.m.7 views

CVE-2026-8699

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS6AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 8:16 a.m.7 views

CVE-2026-50043

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6CVSS0.01129EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 8:59 a.m.15 views

CVE-2025-7406

CVE-2025-7406 affects Nokia MantaRay NM. A local privilege escalation allows an admin with local privileges to gain root access, yielding root filesystem control and full actions as root. Mitigation mentioned: temporarily restrict the set of commands permitted via sudo for affected accounts. No s...

7.8CVSS5.9AI score0.00128EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.18 views

PT-2026-53811

Name of the Vulnerable Software and Affected Versions Editorial Rating – Product Review & Rating System versions prior to 4.0.6 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site...

4.4CVSS6.1AI score0.0024EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/26 1:8 p.m.36 views

CVE-2026-57940

HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...

2.1CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 11:23 p.m.18 views

CVE-2026-13083

CVE-2026-13083 concerns the Pen Drive report generator, where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization, enabling stored XSS. An attacker with cluster administrator privileges can inject XSS payloads into cluster objects (e.g., ClusterVersion spec....

6.9CVSS5.7AI score0.00176EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder