Lucene search
K

91 matches found

Cvelist
Cvelist
added 2026/06/16 6:36 p.m.26 views

CVE-2026-22313 OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS0.00921EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.14 views

CVE-2026-48136

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1CVSS5.8AI score0.04102EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 9:2 p.m.14 views

CVE-2026-26289

CVE-2026-26289 affects PowerSYSTEM Center: the REST API endpoint used for device account export has incorrect authorization, permitting an authenticated user with limited permissions to access data normally restricted to administrators. The issue exposes sensitive information and is backed by hig...

8.4CVSS5.8AI score0.00135EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40435

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

8.4CVSS5.8AI score0.00135EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 8:2 p.m.3 views

EUVD-2026-22659

October CMS has Stored XSS in Backend Editor Markup Classes...

5.1CVSS5.8AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2026/03/26 12:16 a.m.15 views

CVE-2026-33915

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the RestConfig::requestauthorizationcheck call that every other data-modifying route in the standard API uses. This...

5.4CVSS0.00227EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/04 5:49 p.m.3 views

Command Injection

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Command Injection in the community package installation functionality. An attacker can execute arbitrary system commands by supplying crafted input as an authenticated user with administrative...

9.4CVSS6AI score0.01343EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 5:36 p.m.5 views

CVE-2026-21893 n8n Vulnerable to Command Injection in Community Package Installation

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system...

9.4CVSS5.8AI score0.01343EPSS
Exploits0References4
NVD
NVD
added 2025/12/18 9:15 p.m.5 views

CVE-2025-62004

BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

7.7CVSS0.00281EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/20 6:31 p.m.2 views

EUVD-2025-198305

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.7CVSS6.5AI score0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/20 3:44 p.m.4 views

CVE-2025-62730 Privilege Escalation via Incorrect Authorization in SOPlanning

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.7CVSS6.2AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-11826

Malware in sbrugna...

8.2CVSS8.3AI score0.01402EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-9493

Malware in sbrugna...

4.8CVSS5.2AI score0.00552EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-21408

Malware in sbrugna...

9CVSS7.1AI score0.01458EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-6671

Malware in sbrugna...

7.8CVSS7.6AI score0.0039EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-7046

Malware in sbrugna...

8.8CVSS8.8AI score0.01015EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20794

Malicious code in bioql PyPI...

10CVSS6.6AI score0.01028EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-34004

Malicious code in bioql PyPI...

7.2CVSS5.9AI score0.01418EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-22954

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.06894EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-35436

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01027EPSS
Exploits0References1
Rows per page
Query Builder