Lucene search
K

3958 matches found

Nuclei
Nuclei
added 4 hours ago61 views

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access

The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them. id: CVE-2023-1263 info: name: Coming Soon & Maintenance 4.1.7 - Unauthenticated Post/Page Access author: r3Y3r53 severity: medium...

5.3CVSS6.7AI score0.01414EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday159 views

Angular-Base64-Upload - Remote Code Execution

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

9.8CVSS7.5AI score0.43683EPSS
Exploits5References4
NVD
NVD
added 4 days ago6 views

CVE-2026-55516

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...

7.7CVSS0.00218EPSS
Exploits0References3
CVE
CVE
added 4 days ago10 views

CVE-2026-55516

CVE-2026-55516 affects Snipe-IT prior to 8.6.2. A PATCH/PUT to /api/v1/maintenances/{maintenance_id} first validates access to the maintenance and asset, then accepts attacker-controlled asset_id, allowing an authorized user to re-parent a maintenance record to an asset outside their company scop...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References3Affected Software1
CVE
CVE
added 4 days ago7 views

CVE-2026-21046

The vulnerability CVE-2026-21046 concerns the fabricKeymaster trustlet. It describes a time-of-check time-of-use race condition that exists prior to the SMR Jul-2026 Release 1. Impact is local: a privileged attacker could execute arbitrary code. The provided sources specify the affected component...

8.4CVSS6.2AI score0.00096EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57270

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description An issue exists in the IT asset and license management system where the endpoints 'PATCH /api/v1/maintenances/maintenance id' and 'PUT /api/v1/maintenances/maintenance id' fail to re-authorize asset...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References9
NVD
NVD
added 5 days ago10 views

CVE-2026-0287

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...

8.7CVSS0.00534EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42672

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...

8.7CVSS5.9AI score0.00534EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-0287

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...

8.7CVSS5.9AI score0.00534EPSS
Exploits0References2Affected Software2
CVE
CVE
added 5 days ago17 views

CVE-2026-0287

CVE-2026-0287 describes multiple denial-of-service vulnerabilities in Palo Alto Networks PAN-OS, exploitable by unauthenticated network access to dataplane interfaces. Affected: PAN-OS versions including 10.2.x, 11.1.x, 11.2.x and 12.1.x. Impact: potential DoS with firewall entering maintenance m...

8.7CVSS5.9AI score0.00534EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago60 views

CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...

8.7CVSS0.00534EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago3 views

kernel: net/ipv6: ioam6: prevent schema length wraparound in trace fill

A flaw was found in the Linux kernel's IPv6 In-situ Operations, Administration, and Maintenance IOAM6 trace fill functionality. An integer overflow vulnerability exists in the ioam6filltracedata function, where the schema length calculation can wrap around due to being stored in an 8-bit unsigned...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56666

Name of the Vulnerable Software and Affected Versions Drupal Raw Formatter Meta Tag Formatter affected versions not specified Description A security issue exists in the Drupal Raw Formatter Meta Tag Formatter module. Recommendations At the moment, there is no information about a newer version tha...

6.1AI score0.00236EPSS
Exploits0References4
Fedora
Fedora
added 2026/07/06 3:10 p.m.12 views

[SECURITY] Fedora 43 Update: sandogasa-0.15.3-2.fc43

A collection of tools and libraries for Fedora package maintenance and contributor activity tracking, built around shared API clients for Bugzilla, Bodhi, NVD, dist-git, Discourse, FASJSON, and HyperKitty. The name sandogasa =E8=8F=85=E7=AC=A0 refers to a Japanese straw hat of ten associated with...

6AI score
Exploits0
Fedora
Fedora
added 2026/07/06 2:55 p.m.16 views

[SECURITY] Fedora 44 Update: sandogasa-0.15.3-2.fc44

A collection of tools and libraries for Fedora package maintenance and contributor activity tracking, built around shared API clients for Bugzilla, Bodhi, NVD, dist-git, Discourse, FASJSON, and HyperKitty. The name sandogasa =E8=8F=85=E7=AC=A0 refers to a Japanese straw hat of ten associated with...

6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 1:43 p.m.11 views

Malicious code in vps-maintenance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da5dcc405a10775ace9fab68ee0a5ddf9bcad770d29e20f999df6d41072e46b1 On import of dist/server/index.js, a top-level block spawns a detached shell that 1 appends a hardcoded attacker ssh-ed25519 public key comment eni@l...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55660

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31 Description An issue exists in the Streaming Reasoning Tag Filter component within the GatewayStreamConsumer. filter and accumulate function located in the gateway/stream consumer.py file...

3.1CVSS5.8AI score0.00237EPSS
Exploits0References13
NVD
NVD
added 2026/06/29 7:16 a.m.8 views

CVE-2025-2902

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platfo...

8.3CVSS0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 5:52 a.m.34 views

CVE-2025-2902 Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platfo...

8.3CVSS0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 5:52 a.m.7 views

EUVD-2025-210368

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platfo...

8.3CVSS5.8AI score0.00195EPSS
Exploits0References1
Rows per page
Query Builder