Lucene search
K

62108 matches found

Nuclei
Nuclei
added 9 hours ago177 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.4AI score0.97836EPSS
Exploits1References5
Circl
Circl
added 9 hours ago7 views

CVE-2026-14487

creationtimestamp| type| source ---|---|--- 2026-07-08 04:52:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq4d4hox3y2r 2026-07-08 06:00:10+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mq4gw7nccj27 2026-07-08 07:32:06+00:00| seen|...

9.1CVSS5.9AI score
Exploits0References3
NVD
NVD
added 13 hours ago2 views

CVE-2026-55436

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...

7.4CVSS
Exploits0References5
Circl
Circl
added yesterday3 views

CVE-2026-42958

creationtimestamp| type| source ---|---|--- 2026-07-07 23:49:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3s6sucnj27...

8.4CVSS5.9AI score
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-14380

creationtimestamp| type| source ---|---|--- 2026-07-07 22:59:45+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mq3pggr5xk24 2026-07-08 00:00:45+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq3stiucln2f 2026-07-08 00:00:45+00:00| seen|...

5.9AI score
Exploits0References5
Circl
Circl
added yesterday5 views

CVE-2026-14895

creationtimestamp| type| source ---|---|--- 2026-07-07 22:54:44+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mq3p5hmule2k 2026-07-08 01:04:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3wfdvxtp2g...

5.9AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-59706

creationtimestamp| type| source ---|---|--- 2026-07-07 21:50:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq3lju4gqu2f 2026-07-07 23:40:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rokhsrv2g...

9.3CVSS5.9AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-50530

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-50529

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-50530

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS6AI score
Exploits0References4Affected Software1
CVE
CVE
added yesterday10 views

CVE-2026-50529

CVE-2026-50529 affects DataEase prior to version 2.10.24. The /de2api/share/proxyInfo interface incorrectly generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket, enabling unauthenticated attackers who know a protected share UUID to obtain a valid link token for ...

8.7CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday18 views

CVE-2026-50529 DataEase: Link Token Leakage Prior to Share Password/Ticket Validation

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-50529

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS6AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added yesterday18 views

CVE-2026-57172 DataEase: Hardcoded JWT Signing Secret in ShareLink

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS
Exploits0References2
Circl
Circl
added yesterday7 views

CVE-2026-59800

creationtimestamp| type| source ---|---|--- 2026-07-07 19:33:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3dwalhqt22 2026-07-07 20:35:03+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-g6g7-pvmx-m74p 2026-07-07 20:52:05+00:00| seen|...

9.8CVSS5.9AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-14904

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday92 views

D-Link DNS-320 - Remote Code Execution

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. id: CVE-2019-16057 info: name: D-Link DNS-320 - Remote Code Execution author: DhiyaneshDk severity: critical description: | The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerabl...

10CVSS7.2AI score0.8721EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday54 views

TP-Link - OS Command Injection

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. id: CVE-2021-41653 info: name: TP-Link - OS Command Injection author: gy741 severity: critical...

10CVSS8AI score0.7747EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday87 views

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...

9.8CVSS7.5AI score0.80682EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday39 views

TP-Link TL-WR840N - Command Injection

The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...

9.8CVSS7.1AI score0.72495EPSS
Exploits1References5
Rows per page
Query Builder