Lucene search
K

2234 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/02 9:14 a.m.5 views

CVE-2026-7491

School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data...

8.6CVSS5.8AI score0.00259EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.8 views

Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities (cisco-sa-fmc-sql-injection-2qH6CcJd)

According to its self-reported version, Cisco Secure Firewall Management Center FMC is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to...

8.1CVSS6.2AI score0.0034EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/30 9:11 p.m.33 views

CVE-2026-6543 Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

8.8CVSS0.0047EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 7:50 p.m.4 views

CVE-2026-34965 Cockpit CMS Authenticated Remote Code Execution via Collections

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

8.8CVSS6.5AI score0.00825EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/29 7:25 p.m.4 views

CVE-2018-25310 VideoFlow Digital Video Protection DVP 2.10 - Authenticated Remote Code Execution

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

5.3CVSS6.6AI score0.00212EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.103 views

OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)

Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link: https://github.com/stangri/luci-app-https-dns-proxy Version: All versions prior to 2026-01-17...

5.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.12 views

PT-2026-34865

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache ActiveMQ All versions 6.0.0 through 6.2.4 Apache ActiveMQ versions prior to 5.19.6 Apache...

8.8CVSS6.5AI score0.04783EPSS
Exploits13References41
OSV
OSV
added 2026/04/23 2:17 p.m.3 views

GHSA-2WVH-87G2-89HR OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool

Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...

9.6CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/23 2:17 p.m.10 views

OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool

Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...

5.9AI score
Exploits0References2Affected Software1
RubySec
RubySec
added 2026/04/23 12:0 a.m.17 views

OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...

9.6CVSS6.1AI score0.00323EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/04/22 4:16 a.m.7 views

CVE-2026-6834

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

7.1CVSS0.00259EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 3:36 a.m.4 views

CVE-2026-6834

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 3:32 a.m.34 views

CVE-2026-6833 aEnrich|a+HRD - SQL Injection

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1CVSS0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 5:0 p.m.3 views

CVE-2026-21571

This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of...

9.4CVSS6AI score0.0127EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 10:16 a.m.8 views

CVE-2026-41036

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...

8.8CVSS0.00449EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:7 a.m.3 views

CVE-2026-41036

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...

8.7CVSS6.6AI score0.00449EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 10:7 a.m.29 views

CVE-2026-41036 Command Injection Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...

8.7CVSS0.00449EPSS
Exploits0References1
NVD
NVD
added 2026/04/20 8:16 a.m.7 views

CVE-2026-5966

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system...

8.1CVSS0.0041EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 7:44 a.m.17 views

CVE-2026-5967

ThreatSonar Anti-Ransomware (TeamT5) is affected by a Privilege Escalation vulnerability. The description states that authenticated remote attackers with shell access can inject OS commands and execute them with root privileges, indicating a post-authentication, command-injection path that could ...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/20 7:44 a.m.30 views

CVE-2026-5967 TeamT5|ThreatSonar Anti-Ransomware - Privilege Escalation

ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges...

8.8CVSS0.00372EPSS
Exploits0References2
Rows per page
Query Builder