Lucene search
K

319 matches found

cnnvd
cnnvd
added 2026/06/02 12:0 a.m.12 views

openshift Red Hat OpenShift Container Platform 4 配置错误漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Corporation that helps enterprises develop, deploy, and manage container-based applications across physical, virtual, and public cloud infrastructures. There is a security vulnerability in Red Hat OpenShift Container Platform...

8.8CVSS5.9AI score0.0015EPSS
Exploits0References5
osv
osv
added 2026/06/01 2:23 p.m.12 views

GHSA-RCMC-Q9RJ-4WMQ praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}

Summary Type: Authorization bypass enabling workspace metadata + settings tampering. The PATCH /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can rewrite the workspace's name, description, and the settings JSON blob. The...

6.5CVSS6AI score0.00029EPSS
Exploits0References2
pypa
pypa
added 2026/06/01 9:16 a.m.11 views

PYSEC-2026-184

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.8AI score0.00369EPSS
Exploits0References2Affected Software1
packetstorm
packetstorm
added 2026/06/01 12:0 a.m.78 views

📄 Notepad++ 8.9.6 Arbitrary Code Execution

Notepad++ versions 8.9.6 and below proof of concept arbitrary code execution exploit. Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org...

6.3AI score0.01314EPSS
Exploits5
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.20 views

PT-2026-45484

Summary Type: Authorization bypass enabling workspace metadata + settings tampering. The PATCH /workspaces/workspace id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member can rewrite the workspace's name, description, and the settings JSON blob. T...

6.5CVSS6AI score0.00029EPSS
Exploits0References3
packetstorm
packetstorm
added 2026/06/01 12:0 a.m.78 views

📄 Espanso 2.3.0 Configuration Injection

This Python script is a configuration manipulation tool for Espanso version 2.3.0 that modifies its YAML configuration file base.yml to add new text triggers capable of executing system commands via shell or script extensions...

5.7AI score
Exploits0
euvd
euvd
added 2026/05/28 8:41 p.m.13 views

EUVD-2026-33054

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS6AI score0.00456EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/28 8:27 a.m.25 views

CVE-2026-6226 Frontend Admin by DynamiApps <= 3.29.2 - Unauthenticated Privilege Escalation via Form Configuration Injection

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the...

8.8CVSS5.9AI score0.00433EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.13 views

PT-2026-44544

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS6AI score0.00456EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/27 8:6 a.m.12 views

CVE-2026-40852 Command injection via malicious configuration

A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality...

7.2CVSS6AI score0.0037EPSS
Exploits0References1
nvd
nvd
added 2026/05/26 6:16 p.m.14 views

CVE-2026-48694

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniperplugin/fastnetmonjuniper.php, the $IPATTACK variable received from argv1 is directly interpolated into Juniper NETCONF set-configuration commands at...

8.1CVSS0.00234EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/05/26 6:16 p.m.15 views

CVE-2026-48694

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniperplugin/fastnetmonjuniper.php, the $IPATTACK variable received from argv1 is directly interpolated into Juniper NETCONF set-configuration commands at...

8.1CVSS6AI score0.00234EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/26 12:0 a.m.41 views

CVE-2026-48694

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniperplugin/fastnetmonjuniper.php, the $IPATTACK variable received from argv1 is directly interpolated into Juniper NETCONF set-configuration commands at...

0.00234EPSS
Exploits0References2
euvd
euvd
added 2026/05/26 12:0 a.m.16 views

EUVD-2026-31948

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniperplugin/fastnetmonjuniper.php, the $IPATTACK variable received from argv1 is directly interpolated into Juniper NETCONF set-configuration commands at...

8.1CVSS6AI score0.00234EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/26 12:0 a.m.7 views

CVE-2026-48694

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniperplugin/fastnetmonjuniper.php, the $IPATTACK variable received from argv1 is directly interpolated into Juniper NETCONF set-configuration commands at...

6AI score0.00234EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.16 views

PT-2026-43354

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.3.0 Description A configuration injection issue exists in the Juniper router integration plugin. In the file src/juniper plugin/fastnetmon juniper.php, the variable IP ATTACK received from argv1...

8.1CVSS6AI score0.00234EPSS
Exploits0References17
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.11 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from the lack of validation or cleaning of IP address variables in the...

8.1CVSS5.8AI score0.00234EPSS
Exploits0References2
debiancve
debiancve
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48694

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniperplugin/fastnetmonjuniper.php, the $IPATTACK variable received from argv1 is directly interpolated into Juniper NETCONF set-configuration commands at...

8.1CVSS6AI score0.00234EPSS
Exploits0
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in python-pip

When installing a package from a Mercurial VCS URL e.g., “pip install hg+…” using pip before version 23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the “hg clone” call e.g., “--config”. Controlling the Mercurial configuration allows modifying t...

5.5CVSS6.8AI score0.00476EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in unbound

Before version 1.9.5, Unbound allowed configuration injection in the createunboundadservers.sh script after a successful man-in-the-middle attack on a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contribute...

5.9CVSS6.8AI score0.01339EPSS
Exploits0References2
Rows per page
Query Builder