Lucene search
K

377 matches found

Cvelist
Cvelist
added 2026/06/05 7:31 p.m.32 views

CVE-2026-25623 Arista Edge Threat Management NGFW UI Arbitrary Command Execution

An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions...

7CVSS0.05951EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.10 views

CVE-2026-40500

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

6.8CVSS5.6AI score0.00385EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.16 views

CVE-2026-9144

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS5.6AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.5AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.8 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

WebPros Comet Backup 安全漏洞

WebPros Comet Backup is a data backup and recovery platform developed by the Swiss company WebPros. There is a security vulnerability in WebPros Comet Backup, which stems from insufficient character filtering in the backup proxy signature module. This vulnerability may allow authenticated tenant...

9CVSS6.2AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 8:30 a.m.11 views

EUVD-2024-55597

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9CVSS5.8AI score0.0034EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:29 a.m.18 views

CVE-2024-47268

CVE-2024-47268 affects Synology Surveillance Station prior to 9.2.2-11575 and 9.2.2-9575, with a missing authorization vulnerability in the AddOns functionality. The issue allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. The ...

4.9CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 8:29 a.m.11 views

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

2.7CVSS5.8AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43633

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS6AI score0.0023EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43578

Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description A path traversal issue exists in the Archiving Pull functionality. This occurs when there is an improper...

2.7CVSS5.8AI score0.00325EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Synology Surveillance Station 路径遍历漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. Versions of Synology Surveillance Station prior to 9.2.2-11575 and 9.2.2-9575 have a path traversal vulnerabilit...

2.7CVSS5.8AI score0.00325EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 3:16 p.m.12 views

CVE-2026-42425

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

8.6CVSS0.00641EPSS
Exploits0References7
NVD
NVD
added 2026/05/26 3:16 p.m.16 views

CVE-2026-41917

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

6.9CVSS0.00387EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:8 p.m.9 views

CVE-2026-42785

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

OpenKM 代码注入漏洞

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a code injection vulnerability. This vulnerability arises from allowing authenticated administrators to submi...

8.6CVSS6AI score0.00679EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have a security vulnerability. This vulnerability arises from failing to clean up the path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field...

9.4CVSS6.1AI score0.00738EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42563

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Reflected Cross-Site Scripting XSS occurs in Legacy Pagination through HTML attribute injection. The ConcreteCoreLegacyPagination class constructs pagination links by raw-interpolating the $URL...

6CVSS5.8AI score0.00139EPSS
Exploits0References4
NVD
NVD
added 2026/05/20 8:16 p.m.10 views

CVE-2026-9144

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS0.00441EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 8:7 p.m.6 views

CVE-2026-9144

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS5.9AI score0.00441EPSS
Exploits0References3
Rows per page
Query Builder