Lucene search
K

457866 matches found

CVE
CVE
added 2026/06/16 6:36 p.m.8 views

CVE-2026-22313

The CVE-2026-22313 entry concerns Radiflow iSAP Smart Collector. A webserver exposes a REST API on the management network protected only by a token. An OS command injection vulnerability allows an authenticated attacker to execute arbitrary commands as the underlying OS user with administrative p...

9.1CVSS5.4AI score0.00921EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 6:36 p.m.22 views

CVE-2026-22313 OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS0.00921EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 6:34 p.m.13 views

CVE-2026-12425

CVE-2026-12425 is a reflected/DOM-based XSS in PowerSchool Employee Access Center 23.10. The issue allows injection of JavaScript after the login URL that can be eval()’d in the user’s browser context, enabling an attacker to run code with the user’s privileges. The CVSS metrics indicate network ...

7.4CVSS5.5AI score0.00149EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 6:26 p.m.6 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...

7.5CVSS6.3AI score0.00864EPSS
Exploits3Affected Software1
CVE
CVE
added 2026/06/16 6:24 p.m.15 views

CVE-2026-10303

CVE-2026-10303 affects ServerCo getssl up to version 2.49. The ACME challenge token returned to clients was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attac...

7.4CVSS5.5AI score0.00757EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/16 6:24 p.m.20 views

CVE-2026-10303 ServerCo getssl ACME shell script path injection

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/16 6:5 p.m.7 views

CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

7.1CVSS5.3AI score0.00124EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 5:51 p.m.8 views

n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

Impact An authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database...

9.9CVSS5.7AI score0.00394EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/16 5:51 p.m.6 views

NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...

9.9CVSS6AI score0.00394EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2026/06/16 5:41 p.m.14 views

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader , Lorem Ipsum Loader , and Potemkin , per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April...

6.5AI score
Exploits0
NVD
NVD
added 2026/06/16 5:16 p.m.15 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00193EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 5:2 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Control of Generation of Code ('Code Injection') (CVE-2026-27830)

Summary There are vulnerabilities in c3p0-0.9.5.4.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27830. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is vulnerable to attack via...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/16 4:8 p.m.9 views

EUVD-2026-37129

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS5.3AI score0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 4:8 p.m.12 views

CVE-2026-24155

CVE-2026-24155 affects NVIDIA NeMo Framework for all platforms, described as a code injection vulnerability (CWE-94) that can lead to code execution, privilege escalation, information disclosure, and data tampering. The NVIDIA security bulletin states that CVE-2026-24155 is addressed by updating ...

7.8CVSS5.4AI score0.00193EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/16 4:8 p.m.25 views

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 3:16 p.m.10 views

CVE-2026-12398

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS0.00889EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 3:7 p.m.5 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF04 Vulnerability Details CVEID:CVE-2026-6638 DESCRIPTION: SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute...

8.8CVSS7.3AI score0.00668EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:57 p.m.7 views

Astro: XSS via Unescaped Attribute Names in Spread Props

Summary The spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props on an HTML element and the object...

6.1CVSS5.8AI score0.0016EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/16 2:52 p.m.8 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS6.3AI score0.00889EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 2:52 p.m.29 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS0.00889EPSS
Exploits0References2
Rows per page
Query Builder