Lucene search
K

1079 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/15 8:40 p.m.3 views

CVE-2026-40173

Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...

9.4CVSS5.8AI score0.00509EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/15 6:31 p.m.10 views

EUVD-2026-22938

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

8CVSS6.3AI score0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 12:0 a.m.3 views

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

6.3AI score0.0026EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-33069

Name of the Vulnerable Software and Affected Versions Windsurf version 1.9544.26 Cursor affected versions not specified VS Code affected versions not specified Claude Code affected versions not specified Gemini-CLI affected versions not specified Description A prompt injection issue allows remote...

8CVSS6.5AI score0.0026EPSS
Exploits0References23
Cvelist
Cvelist
added 2026/04/15 12:0 a.m.20 views

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

0.0026EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 12:0 a.m.20 views

CVE-2026-30615

CVE-2026-30615 affects Windsurf 1.9544.26. The connected sources describe a prompt-injection vulnerability that occurs when Windsurf processes attacker-controlled HTML content, enabling remote command execution and manipulation of the local MCP configuration, including automatic registration of a...

8CVSS6.3AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:22 p.m.5 views

CVE-2026-21916

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

7.3CVSS5.8AI score0.00129EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the POST /reset-profile endpoint, which could allow callers with the...

8.1CVSS5.8AI score0.006EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/08 9:33 p.m.2 views

EUVD-2026-20544

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...

8.5CVSS6AI score0.0116EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.5 views

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

9.8CVSS6.2AI score0.49424EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/02 9:32 p.m.5 views

EUVD-2024-55533

Hirschmann HiEOS devices contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication handling to obtain elevated...

9.8CVSS6AI score0.00456EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 2:16 p.m.4 views

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

9.8CVSS0.49424EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/02 1:4 p.m.337 views

CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

9.8CVSS0.49424EPSS
Exploits1References1
CVE
CVE
added 2026/04/02 1:4 p.m.26 views

CVE-2026-2699

CVE-2026-2699 affects Progress ShareFile Storage Zones Controller (SZC). An unauthenticated attacker can bypass authentication to access restricted configuration pages (notably via the Admin.aspx path), enabling changes to system configuration and potentially enabling remote code execution. The i...

9.8CVSS6.2AI score0.49424EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/30 6:31 p.m.6 views

EUVD-2026-17107

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

7.1CVSS5.9AI score0.08943EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.4 views

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

5.9AI score0.08943EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.22 views

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

0.08943EPSS
Exploits3References2
EUVD
EUVD
added 2026/03/28 6:30 a.m.5 views

EUVD-2025-209110

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

6AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/28 6:0 a.m.4 views

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

5.4CVSS6AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.6 views

CVE-2021-27388

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control...

9.8CVSS7.5AI score0.01545EPSS
Exploits0References1
Rows per page
Query Builder