Lucene search
K

73227 matches found

BDU FSTEC
BDU FSTEC
added yesterday13 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
CVE
CVE
added yesterday445 views

CVE-2026-55808

Drupal core is affected by CVE-2026-55808, a Cross-Site Scripting (XSS) vulnerability caused by improper validation in content uploads. The JSON:API and REST modules allow image files to be uploaded to image fields; validation checks only file extensions and not MIME types, which could let a non-...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-58588

CVE-2026-58588 concerns the Drupal Canvas module. The issue is an improper validation of uploaded files: Canvas’s API checks only file extensions, not MIME types, which can allow non-image files to be uploaded and served with image/MIME types in certain server setups, enabling cross‑site scriptin...

6.1AI score
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2025-30007

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS
Exploits0References4
CVE
CVE
added yesterday5 views

CVE-2025-30007

HestiaCP prior to 1.9.5 is affected by an authenticated OS command injection via DNS record management. The vulnerability stems from insufficient input validation in is_dns_record_format_valid() and unsafe eval-based parsing in update_domain_zone(), which can allow a low-privilege authenticated u...

8.8CVSS6.6AI score
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-40454

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS0.00139EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-47240

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is possible when an IMAP server does not support non-synchronizing literals, leading to the...

6.1CVSS6.2AI score0.00491EPSS
Exploits0References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-42839

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS6.1AI score0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-40454

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS6.1AI score0.00139EPSS
Exploits0References2Affected Software1
NCSC
NCSC
added yesterday5 views

Vulnerabilities found in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust has identified vulnerabilities in the products Remote Support and Privileged Remote Access. These vulnerabilities involve multiple aspects of these products. There is a pre-authentication vulnerability that allows a network-based attacker to bypass authentication checks without prior...

9.9CVSS6.2AI score0.00653EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
EUVD
EUVD
added yesterday7 views

EUVD-2026-42827

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS5.9AI score0.00116EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-21057

CVE-2026-21057 concerns Samsung Pass: improper input validation in the product prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. Affected component: Samsung Pass binary/feature set; root cause: input validation flaw leading to memory corruption with LOCAL ...

6.8CVSS5.9AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday7 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS5.9AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS6AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-42823

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS6AI score0.00111EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-21053

CVE-2026-21053 describes an inability to properly validate input in Samsung Email before 6.2.13.1, allowing local attackers to create arbitrary files inside the app sandbox. Affected product/version: Samsung Email prior to 6.2.13.1. Root cause: improper input validation in the application. Impact...

5.1CVSS6AI score0.00111EPSS
Exploits0References1
Rows per page
Query Builder