Lucene search
K

563 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-43379

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

5.1CVSS5.2AI score0.00219EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

ThingsBoard 代码注入漏洞

ThingsBoard is a Java-based platform developed by the ThingsBoard team, used for monitoring, managing, and data collection of IoT devices. Versions of ThingsBoard 4.3.1.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the...

5.1CVSS6.1AI score0.00219EPSS
Exploits0References6
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.12 views

CVE-2026-35469 affecting package docker-compose for versions less than 2.27.0-10

CVE-2026-35469 affecting package docker-compose for versions less than 2.27.0-10. A patched version of the package is available...

8.7CVSS5.8AI score0.00656EPSS
Exploits0
OSV
OSV
added 2026/05/18 1:51 p.m.8 views

CLEANSTART-2026-FK40318 Security fixes for CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33747, CVE-2026-33748, CVE-2026-34040, CVE-2026-39882, CVE-2026-39883, ghsa-4c29-8rgm-jvjj, ghsa-4vrq-3vrq-g6gg, ghsa-hfvc-g4fc-pqhx, ghsa-p77j-4mvh-x3m3, ghsa-w8rr-5gcm-pp58 applied in versions: 5.1.0-r0

Multiple security vulnerabilities affect the docker-compose package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS7.1AI score0.08123EPSS
Exploits3References32
GithubExploit
GithubExploit
added 2026/05/18 12:59 a.m.96 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🚀 Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...

10CVSS7.4AI score0.99999EPSS
Exploits352
GithubExploit
GithubExploit
added 2026/05/15 12:26 p.m.77 views

SECpocs

Next.js React Server Components RCE Exploit Exploits CVE-2025...

10CVSS6.4AI score0.99562EPSS
Exploits374
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Fedora 45 : docker-compose (2026-f5bc7ff320)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f5bc7ff320 advisory. Automatic update for docker-compose-5.1.3-1.fc45. Changelog Wed Apr 15 2026 Bradley G Smith - 5.1.3-1 - Update to release v5.1.3 - Resolves...

9.8CVSS5.9AI score0.00498EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/13 5:2 a.m.250 views

Exploit for Server-Side Request Forgery in Internlm Lmdeploy

CVE-2026-33626 — LMDeploy Vision-Language SSRF Lab Overvie...

7.5CVSS5.8AI score0.4525EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39734

Name of the Vulnerable Software and Affected Versions SOCFortress CoPilot versions prior to 0.1.57 Description The application contains a hardcoded JSON Web Token JWT signing secret used as a fallback value in the backend/app/auth/utils.py file and the .env.example file. In deployments where the...

10CVSS5.8AI score0.0044EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/09 5:14 p.m.174 views

Exploit for Improper Input Validation in Postgresql

CVE-2018-1058 — PostgreSQL Search Path Demonstration This rep...

8.8CVSS5.8AI score0.14142EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/09 3:31 a.m.15 views

CVE-2026-39882 affecting package docker-compose for versions less than 2.27.0-9

CVE-2026-39882 affecting package docker-compose for versions less than 2.27.0-9. A patched version of the package is available...

5.3CVSS5.8AI score0.0019EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.10 views

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/08 6:5 a.m.90 views

vulnerability-lab

🔐 Vulnerability Lab Buffer Overflow + SQLi ⚠️ FOR EDUCATI...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/07 6:20 a.m.106 views

aerobi-poc

Aerobi POC — Simulação local de monitoramento de câmeras Labo...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/06 7:16 p.m.10 views

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS0.00347EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 6:37 p.m.11 views

CVE-2026-41930

Vvveb

9.8CVSS5.8AI score0.00347EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 6:37 p.m.10 views

CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:37 p.m.7 views

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Vvveb 访问控制错误漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained an access control vulnerability. This vulnerability stemmed from hard-coded credentials in the...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38219

Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description A hard-coded credentials issue exists in the docker-compose-apache.yaml configuration. This allows unauthenticated attackers to access the bundled phpMyAdmin container using pre-configured database...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References12
Rows per page
Query Builder