Lucene search
+L

6554 matches found

Cvelist
Cvelist
added 2026/07/07 2:32 p.m.35 views

CVE-2026-12948 Stored Cross-Site Scripting (XSS)

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 2:32 p.m.14 views

CVE-2026-12948

The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 2:32 p.m.5 views

EUVD-2026-42048

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56193

Name of the Vulnerable Software and Affected Versions Digi PortServer TS affected versions not specified Digi One SP affected versions not specified Digi One SP IA affected versions not specified Digi One IA affected versions not specified Description A stored cross-site scripting XSS issue exist...

4.8CVSS6.1AI score0.00269EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 12:0 a.m.4 views

ALSA-2026:36307 Moderate: freeipmi security update

The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client CVE-2026-50031 For more details about the...

7.5CVSS6.2AI score0.00405EPSS
Exploits0References4
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...

6.9CVSS6AI score0.00235EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/07/07 12:0 a.m.4 views

ALSA-2026:36211 Moderate: freeipmi security update

The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client CVE-2026-50031 For more details about the...

7.5CVSS6.2AI score0.00405EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 12:31 a.m.8 views

EUVD-2026-41462

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 11.8 up to and including 11.12.4Update1, 12.0 up ...

8.6CVSS6.1AI score0.00439EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55335

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.1 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the wgagent process. This flaw allows an authenticated privileged user to execute...

8.6CVSS6.3AI score0.00546EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55334

Name of the Vulnerable Software and Affected Versions Fireware OS versions 12.1 through 12.12 Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write occurs in the ikestubd process, which may allow an authenticated privileged user to execute arbitrary code by sending special...

8.6CVSS6.3AI score0.00546EPSS
Exploits0References7
NCSC
NCSC
added 2026/06/30 8:43 p.m.15 views

Vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway

Citrix has identified vulnerabilities in NetScaler ADC and NetScaler Gateway that are related to inadequate input validation, incorrect access control, and improper memory release. The vulnerabilities, identified as CVE-2026-8451 and CVE-2026-10817, arise from inadequate input validation, where t...

9.8CVSS6AI score0.00502EPSS
Exploits1References1
Nuclei
Nuclei
added 2026/06/30 4:56 a.m.218 views

Progress Kemp LoadMaster - Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. id: CVE-2024-1212 info: name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote...

10CVSS7.7AI score0.95388EPSS
Exploits9References5
NVD
NVD
added 2026/06/29 4:16 p.m.8 views

CVE-2026-9105

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process...

6.8CVSS0.00554EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 1:16 p.m.12 views

CVE-2026-56256

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.10 views

EUVD-2026-38743

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:53 a.m.3 views

CVE-2026-56256 Capgo - Two-Factor Authentication Bypass via Organization Management API

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS6AI score0.00238EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 3:16 p.m.13 views

CVE-2026-35019

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

9.2CVSS0.00431EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/23 1:48 p.m.6 views

CVE-2026-35019 NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

9.2CVSS5.9AI score0.00431EPSS
Exploits0References4
Arista
Arista
added 2026/06/23 12:0 a.m.11 views

Security Advisory 0143

Security Advisory 0143 PDF Date: June 23, 2026 Revision | Date | Changes ---|---|--- 1.0 | Jun 23, 2026 | Initial release Description All of the CVEs covered in this advisory apply to affected platforms running Arista EOS with the Streaming Telemetry Agent aka TerminAttr enabled. This issue...

5.9AI score
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:46 p.m.7 views

CVE-2026-48787

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References2
Rows per page
Query Builder