Lucene search
K

457709 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50606

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...

6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.8 views

Bosch Security Systems IP Cameras Improper Input Validation (CVE-2021-23853)

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

9.8CVSS8.5AI score0.00856EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.9 views

RHEL 9 : dracut (RHSA-2026:26533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26533 advisory. The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual...

7.5CVSS6AI score0.01131EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50607

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description Drupal core contains a gadget chain, which is a sequence of existing code fragments that can be leveraged during the deserialization of untrusted data. While this issue is not directly...

6.6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.7 views

RockyLinux 8 : hplip (RLSA-2026:26335)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26335 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...

9.8CVSS6.4AI score0.01333EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50331

Name of the Vulnerable Software and Affected Versions Geo Mashup versions prior to 1.13.20 Description An SQL injection flaw exists in the Geo Mashup plugin, which allows users with subscriber privileges to execute unauthorized SQL commands. Recommendations Update to version 1.13.20 or later...

8.5CVSS6AI score0.00332EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/06/17 12:0 a.m.14 views

Important: dracut security update

The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

7.5CVSS5.8AI score0.01131EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50538

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to commit ff45d3b Description Tinyproxy fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine the number o...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
AlmaLinux
AlmaLinux
added 2026/06/17 12:0 a.m.30 views

Important: dracut security update

The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

7.5CVSS5.8AI score0.01131EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 11:6 p.m.2 views

OPENSUSE-SU-2026:20970-1 Security update for postgresql17

This update for postgresql17 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References22
OSV
OSV
added 2026/06/16 11:5 p.m.2 views

SUSE-SU-2026:22149-1 Security update for postgresql17

This update for postgresql17 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References23
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37206

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS5.4AI score0.00921EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 9:25 p.m.22 views

CVE-2026-25470 WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...

10CVSS0.00414EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:25 p.m.19 views

CVE-2026-25470

CVE-2026-25470 : Unauthenticated RCE in WordPress ACPT (Pro) – Custom Post Types Plugin for WordPress (ACPT) 2.0.47 if available; no public patch details provided in the documents. Exploitation status is not provided in the connected documents. Monitor for updates and vendor advisories for a con...

10CVSS5.4AI score0.00414EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:23 p.m.21 views

CVE-2026-49073 WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

8.5CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:23 p.m.11 views

CVE-2026-49073

Summary: CVE-2026-49073 affects the WordPress plugin Directorist Booking (wpWax Directorist Booking) versions up to 3.0.3. The issue is an SQL Injection in the plugin, allowing blind SQL injection through improper neutralization of special elements in SQL commands. The CVSSBase score is 8.5 (HIGH...

8.5CVSS5.6AI score0.00205EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 9:13 p.m.10 views

yt-dlp: Arbitrary code execution via manifest downloads with aria2c

Summary If aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code...

9.6CVSS6.2AI score0.00406EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/16 9:3 p.m.33 views

CVE-2026-11409 OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 9:3 p.m.17 views

CVE-2026-11409

The CVE-2026-11409 entry concerns an authenticated OS command injection in the IPv6 PPPoE configuration handler of TL-WR940N v6. The vulnerability arises from improper sanitization of user input, allowing an authenticated attacker with administrative access to execute arbitrary system commands wi...

8.5CVSS5.8AI score0.02787EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/16 9:3 p.m.19 views

CVE-2026-11410 OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
Rows per page
Query Builder