Lucene search
K

56 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/11 2:16 p.m.4 views

CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References2
OSV
OSV
added 2026/02/10 10:15 a.m.4 views

CVE-2026-25656

A vulnerability has been identified in SINEC NMS All versions, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to...

7.8CVSS6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 9:58 a.m.6 views

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

8.5CVSS6.2AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 9:16 p.m.7 views

CVE-2026-25593

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

8.4CVSS0.00639EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:56 p.m.5 views

CVE-2026-25593

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

8.4CVSS5.4AI score0.00639EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.6 views

OpenClaw 访问控制错误漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from an Access Control Error vulnerability that originates from the fact that an unauthenticated local client can use the Gateway WebSocket API to write a configuration via config.apply and set insecure cliPath...

8.4CVSS6AI score0.00639EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 4:18 p.m.5 views

CVE-2026-1232

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...

6.8CVSS5.2AI score0.0012EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/14 2:4 p.m.9 views

CUPS: Local denial-of-service via cupsd.conf update and related issues

A flaw was found in cups. A user in group defined by SystemGroup directive in /etc/cups/cups-files.conf can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write...

6.7CVSS5.7AI score0.00409EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/02 9:14 p.m.8 views

Bagisto Missing Authentication on Installer API Endpoints

Vulnerable Code File: packages/Ibkul/Installer/src/Routes/Ib.php groupfunction Route::controllerInstallerController::class-\groupfunction Route::get'install', 'index'-\name'installer.index'; Route::middlewareStartSession::class-\prefix'install/api'-\groupfunction Route::post'env-file-setup',...

9.8CVSS7.3AI score0.00583EPSS
Exploits1References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.4 views

Malicious code in flights-lutuig-alnaia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ae3eaf7c599cd54d8f6ed569720a0093fe96e8a0e8252836cd007303838de6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:41 a.m.2 views

Malicious code in profound-gray-grasshopper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cbd0fbe549adf9cfbf2db3df1f64377a2540538a34b3a2243167ae9f9d12805 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/06 7:54 a.m.12 views

CVE-2025-12675

The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

4.3CVSS5.1AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.7 views

PT-2025-38589

Name of the Vulnerable Software and Affected Versions StorageGRID versions prior to 11.8.0.15 StorageGRID versions prior to 11.9.0.8 Description StorageGRID formerly StorageGRID Webscale is susceptible to a Reflected Cross-Site Scripting issue. Successful exploitation could allow an attacker to...

6.4CVSS5.6AI score0.00224EPSS
Exploits0References3
OSV
OSV
added 2025/05/01 2:15 p.m.3 views

CVE-2024-52976

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations...

7.8CVSS7.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/02/05 1:53 p.m.6 views

logback-core: arbitrary code execution via JaninoEventEvaluator

A flaw was found in Logback. This flaw allows a privileged attacker with write access to modify Logback configuration files or inject a malicious environment variable to execute arbitrary code via the JaninoEventEvaluator extension...

5.9CVSS7.5AI score0.00404EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.6 views

PT-2024-7219 · Siemens · Simatic Reader Rf615R +11

Name of the Vulnerable Software and Affected Versions: SIMATIC Reader RF610R CMIIT versions prior to V4.2 SIMATIC Reader RF610R ETSI versions prior to V4.2 SIMATIC Reader RF610R FCC versions prior to V4.2 SIMATIC Reader RF615R CMIIT versions prior to V4.2 SIMATIC Reader RF615R ETSI versions prior...

8.5CVSS7.4AI score0.00407EPSS
Exploits0References5
OSV
OSV
added 2024/04/03 5:15 p.m.1 views

CVE-2024-20281

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...

8.8CVSS5.9AI score0.0026EPSS
Exploits0References1
OSV
OSV
added 2024/02/16 11:15 p.m.4 views

CVE-2024-21984

StorageGRID formerly StorageGRID Webscale versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting XSS vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a...

6.9CVSS6.2AI score0.00314EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.9 views

PT-2023-21940 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: ShardingSphere-Agent versions through 5.3.2 Description: The Deserialization of Untrusted Data issue in Apache ShardingSphere-Agent allows attackers to execute arbitrary code by constructing a special YAML configuration file. An attacker must...

8.8CVSS8AI score0.01207EPSS
Exploits0References10
OSV
OSV
added 2023/07/07 4:23 p.m.29 views

CVE-2023-37264 Pipelines do not validate child UIDs

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

3.7CVSS4.4AI score0.00318EPSS
Exploits1References5
Rows per page
Query Builder