Lucene search
K

37132 matches found

Cvelist
Cvelist
added 15 hours ago12 views

CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago104 views

Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection

Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-42071 info: name: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection author: gy741 severity: critical description: Visual...

10CVSS7.2AI score0.69882EPSS
Exploits2References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-33803 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...

6.9CVSS0.00354EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42536

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago3 views

micrometer-core: micrometer-jetty11: micrometer-jetty12: Micrometer: Denial of Service via specially crafted HTTP requests

A flaw was found in Micrometer. A remote attacker can provide specially crafted HTTP requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system...

7.5CVSS5.9AI score0.00623EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 5 days ago7 views

tomcat11-11.0.23-1.1 on GA media (moderate)

tomcat11-11.0.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:11195-1 Rating: moderate Cross-References: CVE-2026-50229 CVE-2026-53404 CVE-2026-53434 CVE-2026-55276 CVE-2026-55955 CVE-2026-55956 CVSS scores: CVE-2026-50229 SUSE : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2026-5022...

6.9CVSS6.1AI score0.00455EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Juniper Junos OS Vulnerability (JSA110078)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA110078 advisory. - An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacke...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago3 views

BeyondTrust Remote Support (RS) <= 24.3.1 Command Injection (BT24-11)

The version of BeyondTrust Remote Support RS running on the remote host is prior or equal to 24.3.1. It is, therefore, potentially affected by a command injection vulnerability. - All BeyondTrust Remote Support RS versions contain a command injection vulnerability that can be exploited by a user...

7.2CVSS7.4AI score0.13788EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-42145 Coolify: File Upload Without Type or Size Validation in Database Backup Restore

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS0.0025EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 5:16 p.m.9 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS0.00561EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 4:13 p.m.41 views

CVE-2026-40140 High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS0.00561EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/06 3:19 p.m.7 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.21.1 security update

Important: Red Hat OpenShift GitOps v1.21.1 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-10083 RC 1.21.0-7: Missing permission for web-based terminal in Argocd UI GITOPS-10178 OpenShift GitOps operator v1.21.0 breaks Redis-HA...

7.5CVSS6AI score0.00813EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 3:50 a.m.8 views

ROOT-OS-DEBIAN-13-CVE-2025-71113 CVE-2025-71113 in rootio-linux - Patched by Root

Root has patched CVE-2025-71113 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/07/06 3:50 a.m.8 views

ROOT-OS-DEBIAN-13-CVE-2025-68307 CVE-2025-68307 in rootio-linux - Patched by Root

Root has patched CVE-2025-68307 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.4AI score0.00161EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/07/06 12:0 a.m.3 views

The vulnerability of the drm_gem_change_handle_ioctl() function in the Direct Rendering Manager (DRM) subsystem of Linux kernels allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the changehandle function in the Direct Rendering Manager DRM subsystem of Linux kernels relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected...

7.8CVSS6AI score0.00134EPSS
Exploits1References8Affected Software2
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

OPENSUSE-SU-2026:11195-1 tomcat11-11.0.23-1.1 on GA media

These are all security issues fixed in the tomcat11-11.0.23-1.1 package on the GA media of openSUSE Tumbleweed...

9.1CVSS5.9AI score0.00455EPSS
Exploits1References6
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

OPENSUSE-SU-2026:11191-1 python313-lxml_html_clean-0.4.5-1.1 on GA media

These are all security issues fixed in the python313-lxmlhtmlclean-0.4.5-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

OPENSUSE-SU-2026:11185-1 gi-docgen-2026.1-1.1 on GA media

These are all security issues fixed in the gi-docgen-2026.1-1.1 package on the GA media of openSUSE Tumbleweed...

6.1CVSS5.9AI score0.00337EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

OPENSUSE-SU-2026:11186-1 helm-4.2.2-2.1 on GA media

These are all security issues fixed in the helm-4.2.2-2.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References1
Rows per page
Query Builder