Lucene search

22173 matches found

Positive Technologies
added 2026/02/03 12:0 a.m. | 10 views

PT-2026-5826

LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when...

CVSS 9.8 | AI score 6.5 | EPSS 0.00453
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/03 12:0 a.m. | 4 views

PT-2026-6274

Name of the Vulnerable Software and Affected Versions: Qwik versions prior to 1.19.0. Description: An Open Redirect issue exists in Qwik City’s default request handler middleware. This allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation could allow...

CVSS 6.9 | AI score 5.7 | EPSS 0.00237
Exploits: 0 | References: 12
Positive Technologies
added 2026/02/03 12:0 a.m. | 8 views

PT-2026-6276

Name of the Vulnerable Software and Affected Versions: Qwik versions prior to 1.19.0. Description: Qwik City’s server-side request handler inconsistently interprets HTTP request headers. This can be exploited by a remote attacker to bypass Cross-Site Request Forgery (CSRF) protections on forms using...

CVSS 5.9 | AI score 5.6 | EPSS 0.00159
Exploits: 0 | References: 16
Vulnrichment
added 2026/02/02 11:28 p.m. | 4 views

CVE-2025-61634 HTML rest endpoint needs PoolCounter and proper parser cache check

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

AI score 5.3 | EPSS 0.00273
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/02 11:28 p.m. | 5 views

CVE-2025-61634

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

AI score 5.3 | EPSS 0.00273
Exploits: 0 | References: 2
Github Security Blog
added 2026/02/02 8:50 p.m. | 11 views

picklescan vulnerable to arbitrary file create using logging.FileHandler

Summary: Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...

AI score 5.8
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/02/02 8:50 p.m. | 5 views

GHSA-M7J5-R2P5-C39R picklescan vulnerable to arbitrary file create using logging.FileHandler

Summary: Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...

CVSS 6.9 | AI score 5.8 | EPSS 0.00288
Exploits: 1 | References: 5
NVD
added 2026/02/02 1:15 a.m. | 11 views

CVE-2026-1735

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | EPSS 0.01067
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/02 12:32 a.m. | 5 views

CVE-2026-1736

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The...

CVSS 6.9 | AI score 5.5 | EPSS 0.00609
Exploits: 1 | References: 7
Cvelist
added 2026/02/02 12:32 a.m. | 29 views

CVE-2026-1736 Open5GS SGWC s11-handler.c assertion

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The...

CVSS 6.9 | EPSS 0.00609
Exploits: 1 | References: 7
EUVD
added 2026/02/02 12:32 a.m. | 10 views

EUVD-2026-5115

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The...

CVSS 6.9 | AI score 5 | EPSS 0.00609
Exploits: 1 | References: 7
ATTACKERKB
added 2026/02/02 12:2 a.m. | 5 views

CVE-2026-1735

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | AI score 5.6 | EPSS 0.01067
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/02 12:2 a.m. | 33 views

CVE-2026-1735 Yealink MeetingBar A30 Diagnostic command injection

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | EPSS 0.01067
Exploits: 0 | References: 4
EUVD
added 2026/02/02 12:2 a.m. | 9 views

EUVD-2026-5110

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | AI score 5 | EPSS 0.01067
Exploits: 0 | References: 4
CVE
added 2026/02/02 12:2 a.m. | 26 views

CVE-2026-1735

The vulnerability CVE-2026-1735 affects Yealink MeetingBar A30 running version 133.321.0.3, specifically a weakness in the Diagnostic Handler that allows command injection. The attack is feasible on the physical device, and a public exploit is available per the description. The vendor was not res...

CVSS 4.6 | AI score 5.6 | EPSS 0.01067
Exploits: 0 | References: 4
Packet Storm News
added 2026/02/02 12:0 a.m. | 5 views

Yii Framework 2.0.9 Reflected Cross Site Scripting

A reflected cross site scripting vulnerability exists in Yii Framework version 2.0.9 and earlier versions before 2.0.14. The vulnerability exists in the error handler component. This issue is older research added to the archive...

CVSS 7.5 | AI score 4.9 | EPSS 0.02913
Exploits: 0
Positive Technologies
added 2026/02/02 12:0 a.m. | 11 views

PT-2026-5589

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely...

CVSS 6.9 | AI score 5.5 | EPSS 0.00609
Exploits: 1 | References: 8
Positive Technologies
added 2026/02/02 12:0 a.m. | 3 views

PT-2026-5590

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the...

CVSS 6.9 | AI score 5.8 | EPSS 0.00492
Exploits: 1 | References: 8
Positive Technologies
added 2026/02/02 12:0 a.m. | 12 views

PT-2026-5588

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | AI score 5.6 | EPSS 0.01067
Exploits: 0 | References: 5
CNNVD
added 2026/02/02 12:0 a.m. | 7 views

Yealink MeetingBar A30 Command Injection Vulnerability

The Yealink MeetingBar A30 is a video conference terminal produced by the Chinese company Yealink. The Yealink MeetingBar A30 version 133.321.0.3 has a command injection vulnerability. This vulnerability stems from certain unknown processing steps in the Diagnostic Handler component, which may le...

CVSS 4.6 | AI score 5.8 | EPSS 0.01067
Exploits: 0 | References: 4