Lucene search
K

22560 matches found

CVE
CVE
added yesterday3 views

CVE-2026-58477

SIP (Sustainable Irrigation Platform) up to version 5.2.16 contains a mass assignment flaw where the value-setting interface copies every HTTP parameter into internal settings without whitelisting. This enables unauthenticated attackers to overwrite sensitive configuration such as the passphrase ...

8.8CVSS6.1AI score
Exploits2References2Affected Software1
CVE
CVE
added yesterday18 views

CVE-2026-10577

The CVE-2026-10577 entry concerns the 1715-AENTR EtherNet/IP Adapter, where a network-accessible debug port does not enforce proper privilege controls. This allows unauthenticated remote access to destructive CLI commands, potentially enabling read/delete of files, stopping tasks, memory modifica...

10CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS0.00196EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday18 views

Milvus - Unauthenticated Metrics API Access

Milvus 2.5.27 and 2.6.10 contains an authentication bypass caused by weak default token and unauthenticated REST API on TCP port 9091, letting attackers perform arbitrary expression evaluation and data manipulation, exploit requires network access to port 9091. id: CVE-2026-26190 info: name: Milv...

9.8CVSS6.2AI score0.34346EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday9 views

Mitel 6000 - OS Command Injection

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...

6.5CVSS7.1AI score0.47629EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday21 views

Apache OFBiz - XML External Entity Injection

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

7.5CVSS7AI score0.1591EPSS
Exploits0References2
Zero Science Lab
Zero Science Lab
added yesterday27 views

SIP Sustainable Irrigation Platform 5.x (cv) Settings Mass Assignment

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.8CVSS6.1AI score
Exploits2
NVD
NVD
added 2 days ago4 views

CVE-2026-22095

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.00976EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-22103

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.0131EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-22096

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-22103 Command injection in NPC start web endpoint

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.0131EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-22103

CVE-2026-22103 : The NPC start endpoint on the web server listening at port 8090 is vulnerable to command injection. The public CVSS v4.0 metrics indicate a base score of 9.3 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction. Impacts are...

9.3CVSS6.1AI score0.0131EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-22096 Missing authentication for webserver endpoints

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-22096

CVE-2026-22096 concerns a webserver running on port 8090 that does not require authentication, enabling sensitive information leakage (e.g., configured passwords) and file uploads via multiple endpoints. The Connected documents provide the same description across NVD and CVE records, with no vend...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-22095

The CVE-2026-22095 entry describes a command injection vulnerability in the network diagnosis endpoint of a web server listening on port 8090. Details from connected sources confirm the affected component is the diagnosis endpoint (web server) and that exploitation would allow command execution w...

9.3CVSS6.1AI score0.00976EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-22095 Command injection in diagnosis web endpoint

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.00976EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago99 views

OsTicket < 1.14.3 - Server Side Request Forgery

SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...

9.8CVSS7AI score0.73267EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57672

Name of the Vulnerable Software and Affected Versions EVbee DC-80 affected versions not specified Description The built-in web server running on port 8090 lacks authentication. This flaw allows unauthorized access to sensitive information, including configured passwords and stored credentials, an...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-10666

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References3
Rows per page
Query Builder