Lucene search
+L

96 matches found

cve
cve
added 2 days ago5 views

CVE-2026-15429

CVE-2026-15429 describes a privilege escalation in the HTTP authentication component of the Archer VX1800v (v1). The vulnerability results from improper handling of user-controlled input, enabling newline character injection into internally constructed configuration data. An authenticated user wi...

5.1CVSS6AI score0.00394EPSS
Exploits0References2
osv
osv
added 2026/06/30 2:2 a.m.9 views

MAL-2026-6673 Malicious code in anthropic-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ec82c6478e3a82eac71597b1c1fffc17d1b138e11e1a2aeadec7c00344c65e [email protected] is a typosquat against the @anthropic-ai/sdk ecosystem. The package ships no library code — its declared main dist/index.js i...

6.1AI score
Exploits0References23
euvd
euvd
added 2026/06/19 3:44 p.m.7 views

EUVD-2017-18987

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
cve
cve
added 2026/06/19 3:24 p.m.15 views

CVE-2017-20254

The CVE-2017-20254 entry concerns the Joomla! Component User Bench 1.0, which is vulnerable to SQL injection via the userid parameter in index.php? option=com_userbench&view=detail&userid. The underlying flaw allows unauthenticated attackers to execute arbitrary SQL and exfiltrate sensitive data ...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
ossf
ossf
added 2026/06/11 5:17 a.m.20 views

Malicious code in ai-sdk-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413 [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide '. On npm install,...

5.9AI score
Exploits0References26
redhatcve
redhatcve
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40543

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

8.8CVSS5.4AI score0.00273EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.10 views

Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞

Arista Edge Threat Management - Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...

5.8CVSS5AI score0.00154EPSS
Exploits0References1
hackerone
hackerone
added 2026/05/26 2:47 a.m.96 views

curl: TLS conn reuse and session cache ignore fsslctx callback and ssl_config_data flags ( incomplete fix variant of 7541ae569 )

Summary matchsslprimaryconfig in lib/vtls/vtls.c:194 and the session-cache key built by cfsslpeerkeybuild in lib/vtls/vtlsscache.c:240 both compare only struct sslprimaryconfig fields when deciding whether to reuse a TLS connection or cached session. Several fields that materially change the TLS...

5.9AI score
Exploits0
ossf
ossf
added 2026/05/23 6:19 p.m.15 views

Malicious code in pewter-constantstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050b19d8dad7c8c1a626c953493c23b375e434128f38950625f82b0fb244eabe On npm install, the preinstall script callback.js collects the installer's hostname, OS username, current working directory, npm registry...

5.8AI score
Exploits0References1
nessus
nessus
added 2026/05/19 12:0 a.m.25 views

Cisco Catalyst SD-WAN Manager Vulnerabilities (cisco-sa-sdwan-mltvnps2-JxpWm7R)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by multiple vulnerabilities. - A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an...

8.6CVSS6.7AI score0.00696EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/05/15 1:57 a.m.11 views

CVE-2026-45229

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/14 6:48 p.m.58 views

CVE-2026-23998 Fleet has a Windows MDM management endpoint authentication bypass

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled...

8.2CVSS0.00214EPSS
Exploits0References2
cve
cve
added 2026/05/14 6:48 p.m.27 views

CVE-2026-23998

CVE-2026-23998 affects Fleet open-source device management software, specifically the Windows MDM management endpoint. A vulnerability in the endpoint could allow requests without proper client certificate validation to be processed as trusted, enabling an attacker who knows a valid enrolled devi...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/05/13 9:16 p.m.12 views

CVE-2026-45229

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS0.00367EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/13 7:54 p.m.15 views

CVE-2026-45229

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS
Exploits0References4
osv
osv
added 2026/05/13 7:54 p.m.3 views

CVE-2026-45229 Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.7CVSS6.1AI score0.00367EPSS
Exploits0References6
osv
osv
added 2026/05/11 4:46 p.m.3 views

CVE-2026-44994 OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint

OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Attackers can access the bootstrap config route without a valid Gateway token to expose sensitive...

6.3CVSS6AI score0.00317EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/23 11:56 p.m.3 views

CVE-2026-40431

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...

6.9CVSS5.8AI score0.0019EPSS
Exploits0References4Affected Software1
ossf
ossf
added 2026/04/03 7:4 p.m.13 views

Malicious code in strapi-plugin-nordica-lite (npm)

strapi-plugin-nordica-lite is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
nvd
nvd
added 2026/03/27 5:16 p.m.5 views

CVE-2026-34411

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS0.00387EPSS
Exploits1References2
Rows per page
Query Builder