Lucene search
K

311 matches found

CVE
CVE
added yesterday6 views

CVE-2026-59712

According to the connected NVD records, CVE-2026-59712 affects Leantime’s JSON-RPC API via the Users::getUser method. The vulnerability arises from missing authorization checks, enabling authenticated users to call users.getUser with arbitrary user IDs and enumerate accounts. The outcome is expos...

8.6CVSS6AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 6 days ago2 views

Quest NetVault Backup Server < 14.0.2 Multiple Vulnerabilities

The version of Quest NetVault Backup Server running on the remote host is prior to 14.0.2. It is, therefore, affected by multiple vulnerabilities, including: - A cross-site scripting vulnerability in the viewclient webpage that allows remote attackers to bypass authentication. User interaction is...

8.8CVSS7.1AI score0.01373EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/25 12:33 a.m.6 views

EUVD-2026-39148

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.4AI score0.01373EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 12:17 a.m.7 views

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 12:17 a.m.11 views

CVE-2026-9784

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 12:17 a.m.8 views

CVE-2026-9787

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.01373EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 12:17 a.m.7 views

CVE-2026-7570

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:14 p.m.35 views

CVE-2026-9784 Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.5 views

CVE-2026-9784

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 11:14 p.m.30 views

CVE-2026-9783 Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:14 p.m.36 views

CVE-2026-9782 Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.6 views

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52152

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBULogDaemon JSON-RPC messages allows remote attackers to execute arbitrary code in the context of SYSTEM. The issue stems from insufficient...

8.8CVSS7.6AI score0.01373EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52147

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDeviceDrive JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52149

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBULibraryPort JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52144

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from improper...

8.8CVSS6.3AI score0.00689EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/06/09 4:4 p.m.9 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References2
NVD
NVD
added 2026/06/07 3:16 a.m.12 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS0.01102EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/07 2:15 a.m.6 views

CVE-2026-11449 GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References6
CVE
CVE
added 2026/06/07 2:15 a.m.50 views

CVE-2026-11449

GL.iNet GL-MT3000 (v4.4.5) is affected by a remote command injection in LuCI JSON-RPC Interface, via the rpc_sys function in /cgi-bin/luci/rpc. Root cause is not explicitly stated beyond the vulnerability description; CVSS metrics in the connected sources indicate MEDIUM severity (CVSSv3.1 base 6...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References6
Rows per page
Query Builder