Lucene search

2232 matches found

Vulnrichment
added 2026/05/09 8:27 a.m., 7 views

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

CVSS 7.2, AI score 6.1, EPSS 0.00842
Exploits: 0, References: 1

NVD
added 2026/05/08 3:16 p.m., 11 views

CVE-2026-41585

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

CVSS 6.9, EPSS 0.00257
Exploits: 0, References: 1

Circl
added 2026/05/07 7:54 a.m., 9 views

CVE-2026-7821

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 07:54:45+00:00 | seen | https://ccb.belgium.be/advisories/warning-authenticated-remote-code-execution-vulnerability-ivanti-epmm-exploited-patch |
| 2026-05-07 08:14:00+00:00 | seen | https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-2026-12... |

CVSS 9.1, AI score 4.9, EPSS 0.00509
Exploits: 0, References: 8

Circl
added 2026/05/07 7:54 a.m., 27 views

CVE-2026-5786

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 07:54:45+00:00 | seen | https://ccb.belgium.be/advisories/warning-authenticated-remote-code-execution-vulnerability-ivanti-epmm-exploited-patch |
| 2026-05-07 08:14:00+00:00 | seen | https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-2026-12... |

CVSS 8.8, AI score 5.4, EPSS 0.00714
Exploits: 0, References: 11

Tenable Nessus
added 2026/05/07 12:0 a.m., 6 views

Nessus Manager < 10.10.3 / 10.11.0 < 10.11.3 Path Traversal (TNS-2026-08)

According to its self-reported version, the Nessus Manager application running on the remote host is prior to 10.10.3, prior to 10.11.3. It is, therefore, affected by a path traversal vulnerability as referenced in the TNS-2026-08 advisory. - A path traversal vulnerability exists in Nessus Manag...

AI score 6
Exploits: 0, References: 2

RedhatCVE
added 2026/05/06 8:22 p.m., 8 views

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

CVSS 8.8, AI score 6.1, EPSS 0.01275
Exploits: 0, References: 1

CVE
added 2026/05/06 6:34 p.m., 12 views

CVE-2026-41934

Vvveb prior to 1.0.8.2 contains an authenticated RCE in the admin code editor. With roles such as editor/author/contributor/site_admin, an attacker can write a crafted .htaccess to map arbitrary extensions to the PHP handler and upload PHP code with that extension, enabling unauthenticated remote...

CVSS 8.8, AI score 6.7, EPSS 0.00545
Exploits: 0, References: 4

NVD
added 2026/05/06 5:16 p.m., 9 views

CVE-2026-20185

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This...

CVSS 7.7, EPSS 0.00389
Exploits: 0, References: 1

NVD
added 2026/05/06 5:16 p.m., 24 views

CVE-2026-20034

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...

CVSS 8.8, EPSS 0.00696
Exploits: 0, References: 1

Vulnrichment
added 2026/05/06 4:15 p.m., 5 views

CVE-2026-20185 Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This...

CVSS 7.7, AI score 5.9, EPSS 0.00389
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/06 4:15 p.m., 7 views

CVE-2026-20185

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This...

CVSS 7.7, AI score 5.9, EPSS 0.00389
Exploits: 0, References: 2, Affected Software: 1

Cisco
added 2026/05/06 4:0 p.m., 17 views

Cisco IoT Field Network Director Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial of service (DoS) conditions on managed routers. For more information about these...

CVSS 7.7, AI score 5.9, EPSS 0.00272
Exploits: 0, References: 1

CNNVD
added 2026/05/06 12:0 a.m., 8 views

Cisco Slido Security Vulnerability

Cisco Slido is an interactive Q&A and voting platform provided by the American company Cisco. There is a security vulnerability in Cisco Slido, which stems from insecure direct object references. This vulnerability could allow authenticated remote attackers to access other users’ social media dat...

CVSS 5.4, AI score 5.8, EPSS 0.00168
Exploits: 0, References: 1

Positive Technologies
added 2026/05/06 12:0 a.m., 11 views

PT-2026-37648

Name of the Vulnerable Software and Affected Versions: Cisco Unity Connection (affected versions not specified). Description: Insufficient validation of user-supplied input in the web-based management interface allows an authenticated remote attacker to execute arbitrary code as root. This is achieved...

CVSS 9, AI score 6.2, EPSS 0.00696
Exploits: 0, References: 10

CNNVD
added 2026/05/06 12:0 a.m., 9 views

Cisco 350X Series and Cisco 350 Series Security Vulnerability

The Cisco 350X Series and Cisco 350 Series are a series of enterprise-class stackable Ethernet switches from the American company Cisco. There are security vulnerabilities in both the Cisco 350X Series and Cisco 350 Series. These vulnerabilities stem from improper error handling when parsing...

CVSS 7.7, AI score 5.8, EPSS 0.00389
Exploits: 0, References: 1

NVD
added 2026/05/05 4:16 p.m., 19 views

CVE-2026-31195

OS command injection vulnerability in the ping diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers to...

CVSS 8.8, EPSS 0.01275
Exploits: 0, References: 3

Vulnrichment
added 2026/05/05 12:0 a.m., 8 views

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

AI score 5.9, EPSS 0.01275
Exploits: 0, References: 3

CVE
added 2026/05/05 12:0 a.m., 20 views

CVE-2026-31195

The CVE-2026-31195 issue affects ALTICE LABS / SFR France GR140DG/GR140IG fibre CPE/Router/Gateway. The ping diagnostic handler at /bin/httpd_clientside inserts unsanitized user input into a system() call, enabling authenticated remote attackers to execute arbitrary commands as root via crafted d...

CVSS 8.8, AI score 5.9, EPSS 0.01275
Exploits: 0, References: 3

RedhatCVE
added 2026/05/04 8:21 p.m., 8 views

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8, AI score 6, EPSS 0.00326
Exploits: 0, References: 1

NVD
added 2026/05/02 10:16 a.m., 6 views

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8, EPSS 0.00326
Exploits: 0, References: 2