Lucene search
K

1260 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43593

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 1:44 p.m.8 views

CVE-2026-53480

Dell PowerProtect Data Domain (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contains a path traversal vulnerability due to an improper limitation of a pathname to a restricted directory. A high-privilege attacker with remote access could po...

2.7CVSS6AI score0.00263EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/03 3:16 p.m.9 views

CVE-2026-49814

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command 'OS...

7.2CVSS0.01216EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 2:16 p.m.16 views

CVE-2026-46465

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileg...

5.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.8 views

CVE-2026-54406

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...

8.7CVSS0.00325EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/16 7:33 a.m.6 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

4.9CVSS6.8AI score0.00323EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49981

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system,...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-49846

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A high privileged...

9.1CVSS5.8AI score0.00486EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50074

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.14 views

keycloak: Keycloak: Denial of Service via malformed LDAP password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.5AI score0.00476EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/09 8:33 p.m.5 views

CVE-2026-47931

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of...

9.9CVSS6.5AI score0.00555EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Visual Studio Code 代码注入漏洞

Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a code injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges...

7.8CVSS5.5AI score0.00368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.12 views

CVE-2026-35251

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.3AI score0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 3:49 p.m.8 views

CVE-2025-5090

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/05 3:49 p.m.12 views

EUVD-2025-210076

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 3:44 p.m.6 views

CVE-2025-5089

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.18 views

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:42 a.m.24 views

EUVD-2026-32718

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 4:42 a.m.59 views

CVE-2026-9801

CVE-2026-9801 affects Keycloak. A remote attacker with high privileges (e.g., a realm administrator configuring a malicious LDAP server or compromising an upstream LDAP server) can trigger an OutOfMemoryError by sending a malformed LDAP password policy response during authentication, causing the ...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/28 4:18 a.m.7 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the LDAP federation BER decoder. An attacker can cause the Java Virtual Machine to terminate and disrupt service availability by sending a malformed LDAP password-policy response...

6.9CVSS5.5AI score0.00476EPSS
Exploits0References2
Rows per page
Query Builder