Lucene search
K

534 matches found

RedhatCVE
RedhatCVE
added 2026/01/16 8:38 a.m.6 views

CVE-2026-0532

A flaw was found in Kibana. This vulnerability allows an authenticated attacker, with privileges to create or modify connectors, to disclose arbitrary files. The attacker achieves this by submitting a specially crafted configuration for the Google Gemini connector, which the server processes...

8.6CVSS6AI score0.00417EPSS
Exploits1References4
CVE
CVE
added 2026/01/16 6:43 a.m.18 views

CVE-2025-14793

CVE-2025-14793 affects the DK PDF – WordPress PDF Generator plugin for WordPress (versions up to 2.3.0). It enables Server-Side Request Forgery via addContentToMpdf, exploitable by authenticated users at author level+. Impact could include querying or modifying internal service data. Wordfence no...

5CVSS5.4AI score0.00242EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.19 views

Kibana 8.x < 8.19.10 / 9.1.x < 9.1.10 / 9.2.x < 9.2.4 (ESA_2026_05)

The version of Kibana installed on the remote host is prior to 8.19.10, 9.1.10, or 9.2.4. It is, therefore, affected by a vulnerability as referenced in the ESA202605 advisory. - An external control of file name or path combined with a server-side request forgery SSRF vulnerability exists in the...

8.6CVSS5.9AI score0.00417EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/14 5:21 p.m.9 views

CVE-2025-64155

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute...

9.8CVSS7.7AI score0.42649EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.6 views

PT-2026-2849

Name of the Vulnerable Software and Affected Versions Kibana versions prior to 8.19.10 Kibana versions prior to 9.1.10 Kibana versions prior to 9.2.4 Description An issue exists in Kibana where External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allo...

8.6CVSS6.3AI score0.00417EPSS
Exploits1References17
OSV
OSV
added 2026/01/13 5:15 p.m.5 views

CVE-2025-64155

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute...

9.8CVSS6AI score0.42649EPSS
Exploits4References3
Cvelist
Cvelist
added 2026/01/13 4:32 p.m.31 views

CVE-2025-64155

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute...

9.8CVSS0.42649EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.10 views

Fortinet FortiSIEM 安全漏洞

Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM versions 7.4.0, 7.3.0 through 7.3.4, 7.1.0 through 7.1.8...

9.8CVSS6.1AI score0.42649EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.13 views

CVE-2023-25583

Two OS command injection vulnerabilities exist in the zebra vlanname functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch...

7.2CVSS7.6AI score0.03543EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.5 views

CVE-2023-50239

Two stack-based buffer overflow vulnerabilities exist in the boa setRadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these...

7.2CVSS8.4AI score0.01413EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.11 views

CVE-2023-31242

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...

9.8CVSS7.1AI score0.03356EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.7 views

Mastodon 代码问题漏洞

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A code issue vulnerability exists in Mastodon versions prior to 4.5.4, prior to 4.4.11, prior to 4.3.17, and prior to 4.2.29, which stems from the lack of an IP address range restriction that could...

7.5CVSS6.5AI score0.00247EPSS
Exploits0References5
Veracode
Veracode
added 2025/12/13 7:53 a.m.6 views

Server-Side Request Forgery (SSRF)

Keras is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of the StringLookup layer during model loading from a crafted .keras archive, which allows an attacker to supply local or remote file paths as vocabulary inputs and exploit tf.io.gfile behavior ...

5.9CVSS7.7AI score0.00239EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/13 4:48 a.m.11 views

XML External Entity (XXE) Injection

Jenkins TestComplete support Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to the XML parser not being securely configured to disable external entity processing, allowing attackers to supply crafted XML that can access local files or trigger external network...

9.8CVSS7.3AI score0.01215EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/11/07 11:46 p.m.3 views

Access Control Bypass

Overview chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Access Control Bypass due to insufficient Content Security Policy enforcement in the Network.loadNetworkResource method of the DevTools protocol network handler. An attacker can exfiltrat...

5.3CVSS6.4AI score0.00191EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/21 8:2 p.m.0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the Server: DML component. A high privileged attacker can cause the server to hang or crash, and perform unauthorized update, insert, or delete operations on accessible data by sending crafted requests over the...

7CVSS6.7AI score0.00438EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/08 2:13 p.m.4 views

CVE-2025-54404

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related ...

8.8CVSS7.9AI score0.03636EPSS
Exploits1References1
NVD
NVD
added 2025/10/07 2:15 p.m.5 views

CVE-2025-54404

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related ...

8.8CVSS0.03636EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-18384

Malware in sbrugna...

5.9CVSS5.9AI score0.02317EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-16817

Malware in sbrugna...

5.3CVSS7.4AI score0.01565EPSS
Exploits0References8
Rows per page
Query Builder