458032 matches found

Positive Technologies
added 2026/06/16 12:0 a.m. | 8 views

PT-2026-49827

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The device features a webserver that exposes a REST API authenticated via a token on the management network. An authenticated attacker can exploit an OS command...

CVSS 9.1 | AI score 6.2 | EPSS 0.00921
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/16 12:0 a.m. | 9 views

PT-2026-50116

Unauthenticated PHP Object Injection in Esmée = 1.4 versions...

CVSS 8.1 | AI score 5.4 | EPSS 0.0032
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/16 12:0 a.m. | 16 views

PT-2026-50176

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.25.7; n8n versions prior to 2.26.2. Description: An authenticated user with permissions to create or modify workflows can provide crafted parameters to the TimescaleDB and legacy Postgres v1 nodes. This allows arbitrary SQ...

CVSS 9.9 | AI score 6.2 | EPSS 0.00394
Exploits: 0 | References: 6
Tenable Nessus
added 2026/06/16 12:0 a.m. | 20 views

Ubuntu 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-8431-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8431-1 advisory. It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security (TLS) encryption was started after issuin...

CVSS 9.8 | AI score 5.7 | EPSS 0.00429
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/16 12:0 a.m. | 9 views

Apache CXF < 4.1.7 / 4.2.x < 4.2.2 Multiple Vulnerabilities

The version of Apache CXF installed on the remote host is prior to 4.1.7 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities, including: - A JNDI Injection vulnerability in the JCA integration module allows code execution if an attacker can manipulate the JCA deploymen...

CVSS 8.8 | AI score 6.3 | EPSS 0.00782
Exploits: 0 | References: 17
Tenable Nessus
added 2026/06/16 12:0 a.m. | 7 views

Debian dla-4632 : atril - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4632 advisory. Debian LTS Advisory DLA-4632-1 https://www.debian.org/lts/security/...

CVSS 8.4 | AI score 5.3 | EPSS 0.00529
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/16 12:0 a.m. | 13 views

PT-2026-49619

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro get overall chart data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to json...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/16 12:0 a.m. | 14 views

PT-2026-50172

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.25.7; n8n versions prior to 2.26.2. Description: A prototype pollution issue allows a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. Prototype polluti...

CVSS 6.4 | AI score 5.9 | EPSS 0.00259
Exploits: 0 | References: 5
NVD
added 2026/06/15 11:16 p.m. | 15 views

CVE-2026-48723

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

CVSS 7.8 | EPSS 0.00533
Exploits: 0 | References: 2
RedHat Linux
added 2026/06/15 10:39 p.m. | 8 views

Important: Red Hat Security Advisory: Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.0. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Moderate. A Commo...

CVSS 9.2 | AI score 6 | EPSS 0.00848
Exploits: 1 | References: 4
EUVD
added 2026/06/15 10:27 p.m. | 7 views

EUVD-2026-37017

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

CVSS 7.8 | AI score 5.4 | EPSS 0.00533
Exploits: 0 | References: 2
Cvelist
added 2026/06/15 10:27 p.m. | 31 views

CVE-2026-48723 BrowserStack Cypress CLI: Command Injection via cypress_config_file leads to arbitrary code execution through malicious browserstack.json

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

CVSS 7.8 | EPSS 0.00533
Exploits: 0 | References: 2
CVE
added 2026/06/15 10:27 p.m. | 21 views

CVE-2026-48723

BrowserStack Cypress CLI prior to 1.36.4 is vulnerable to OS command injection via the cypress_config_file parameter in readCypressConfigUtil.js (loadJsFile()), which builds a shell command by interpolating cypress_config_filepath into a template literal and runs it with child_process.execSync()....

CVSS 7.8 | AI score 5.5 | EPSS 0.00533
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/06/15 10:20 p.m. | 5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CVE-2026-0636)

Summary: There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-0636. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP...

CVSS 6.9 | AI score 4.8 | EPSS 0.00527
Exploits: 0 | Affected Software: 1
NVD
added 2026/06/15 10:16 p.m. | 13 views

CVE-2026-48017

DbGate is a cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...

CVSS 8.8 | EPSS 0.0051
Exploits: 1 | References: 2
GithubExploit
added 2026/06/15 10:9 p.m. | 55 views

Exploit for CVE-2026-54596

CVE-2026-54596 - Authenticated SQL Injection via recurringinv...

AI score 6.1
Exploits: 0
GithubExploit
added 2026/06/15 9:57 p.m. | 57 views

Exploit for CVE-2026-54597

CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection Seve...

AI score 5.9
Exploits: 1
EUVD
added 2026/06/15 9:30 p.m. | 8 views

EUVD-2026-36908

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

CVSS 9.8 | AI score 5.3 | EPSS 0.00476
Exploits: 1 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 6 views

EUVD-2026-36980

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

CVSS 9.3 | AI score 5.7 | EPSS 0.00283
Exploits: 0 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 9 views

EUVD-2026-36976

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

CVSS 8.5 | AI score 5.7 | EPSS 0.00332
Exploits: 0 | References: 2