Lucene search
K

443 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/18 1:16 a.m.5 views

CVE-2026-35582

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

8.8CVSS5.9AI score0.00861EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 5:30 a.m.5 views

CVE-2026-6025 Totolink A7100RU CGI cstecgi.cgi setSyslogCfg os command injection

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

10CVSS7.1AI score0.03EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-31887

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the Totolink A7100RU router. The setVpnAccountCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is susceptible to OS command...

10CVSS7.3AI score0.02981EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/08 5:53 p.m.21 views

CVE-2026-30816 Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

6.8CVSS0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31409

Name of the Vulnerable Software and Affected Versions TP-Link AX53 versions prior to 1.7.1 Build 20260213 Description A configuration issue in the OpenVPN module allows a nearby attacker with access to read arbitrary files when a malicious configuration file is processed. Successful exploitation...

6.8CVSS5.9AI score0.00286EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

TP-Link Archer AX53 安全漏洞

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior to the version v1.0 1.7.1 Build 20260213, the TP-Link Archer AX53 had a security vulnerability. This vulnerability stemmed from an issue with the external configuration control of the OpenVPN module, which could...

6.8CVSS5.9AI score0.00276EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:32 p.m.2 views

CVE-2026-35463

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...

8.8CVSS6.2AI score0.00815EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/06 6:15 p.m.10 views

CVE-2026-5676

The vulnerability CVE-2026-5676 affects Totolink A8000R (firmware 5.9c.681_B20180413). The issue is in the CGI endpoint /cgi-bin/cstecgi.cgi, specifically the setLanguageCfg function where manipulating the langType argument leads to missing authentication. This enables a remote attacker to levera...

7.5CVSS6.8AI score0.00405EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.9 views

Tenda AC8 操作系统命令注入漏洞

The Tenda AC8 is a wireless router produced by the Chinese company Tenda. The version 16.03.50.11 of the Tenda AC8 has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “wans.policy.list1” in the /cgi-bin/UploadCfg fil...

7.2CVSS5.8AI score0.06532EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25837

Name of the Vulnerable Software and Affected Versions KeePassXC affected versions not specified Description KeePassXC installations are susceptible to local privilege escalation. An attacker who can execute low-privileged code may be able to gain elevated access. This issue is related to the...

7.3CVSS7.1AI score0.00226EPSS
Exploits0References10
OSV
OSV
added 2026/03/04 1:15 p.m.4 views

CVE-2026-21422

Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechani...

6.7CVSS5.8AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/02/27 8:21 p.m.14 views

CVE-2026-28271

Kiteworks Core (PDN) prior to version 9.2.0 contains a SSRF bypass vulnerability in configuration functionality exploitable via DNS rebinding, allowing access to restricted internal services. Patch available in 9.2.0. Exploitation details are not provided in the documents; no explicit in-the-wild...

6.5CVSS5.9AI score0.0043EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

GFI Archiver 代码问题漏洞

GFI Archiver is an email archiving software developed by GFI Corporation. It is used to protect, store, and retrieve your electronic communications. GFI Archiver has a code vulnerability that stems from a lack of data validation for data provided to users during the configuration of the...

8.8CVSS7.6AI score0.01075EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/16 4:32 a.m.7 views

CVE-2026-2535 Comfast CF-N1 V2 mbox-config sub_44AB9C command injection

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...

6.5CVSS5.5AI score0.14018EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/02/14 6:0 p.m.224 views

Exploit for Incorrect Authorization in Suse Pam-Config

CVE-2025-6018 + CVE-2025-6019 Exploit Chain This exploit was...

7.8CVSS5.4AI score0.00957EPSS
Exploits19
GithubExploit
GithubExploit
added 2026/02/11 12:51 a.m.153 views

Exploit for Incorrect Authorization in Suse Pam-Config

No d...

7.8CVSS5.4AI score0.00957EPSS
Exploits19
OSV
OSV
added 2026/02/03 6:16 p.m.5 views

CVE-2025-52627

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...

7.5CVSS5.8AI score0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 5:44 p.m.5 views

CVE-2025-52627

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...

5.5CVSS5.4AI score0.00148EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/03 5:44 p.m.4 views

EUVD-2025-206681

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...

5.5CVSS5.4AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 5:44 p.m.19 views

CVE-2025-52627

CVE-2025-52627 affects HCL AION (AI lifecycle management platform) 2.0, where the root filesystem is not mounted read-only, allowing unintended modifications to critical system files and potential system compromise. Connected sources corroborate the issue and cite root-file-system write access as...

7.5CVSS5.4AI score0.00148EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder