Lucene search
+L

623 matches found

Vulnrichment
Vulnrichment
added 2026/04/14 11:56 a.m.2 views

CVE-2026-2449

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

9CVSS5.8AI score0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 11:56 a.m.32 views

CVE-2026-2449

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

9CVSS0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 11:56 a.m.9 views

CVE-2026-2449

CVE-2026-2449 affects upKeeper Instant Privilege Access (upKeeper Solutions) up to version 1.5.0. The issue is described as improper neutralization of argument delimiters in a command (argument injection) vulnerability, enabling hijacking of a privileged thread of execution. CVSS4 base score is 9...

9CVSS5.8AI score0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.15 views

PT-2026-32570

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32620

Name of the Vulnerable Software and Affected Versions upKeeper Instant Privilege Access versions prior to 1.5.0 Description Improper neutralization of argument delimiters in a command, known as argument injection, allows low-privilege users to hijack a privileged thread of execution. This can lea...

9CVSS5.8AI score0.00329EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.12 views

PT-2026-32623

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

7.4CVSS5.8AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

upKeeper Instant Privilege Access 安全漏洞

UpKeeper Instant Privilege Access is a privilege management system developed by the Swedish company UpKeeper. Versions of UpKeeper Instant Privilege Access prior to 1.5.0 contained security vulnerabilities. These vulnerabilities were due to improper use of simulations in .NET, which could lead to...

7.4CVSS5.9AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/11 12:14 a.m.30 views

CVE-2026-5055 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

Juju 安全漏洞

Juju is a open-source application orchestration engine developed by Canonical Juju. Vulnerabilities existed in versions prior to Juju 2.9.57 and 3.6.21. These vulnerabilities were due to authorization issues, which could allow low-privilege users to access sensitive credentials...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References3
Qualys Blog
Qualys Blog
added 2026/04/09 3:0 p.m.11 views

12 Best Practices for Securing AWS Cloud in 2026

Key Takeaways Securing AWS cloud in 2026 depends on continuous, risk-based governance rather than isolated tools or one-time checks. Most cloud security incidents stem from customer-side issues such as identity misuse, misconfigurations, and exposed workloads. Effective security for AWS cloud...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.11 views

Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 安全漏洞

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, a US-based company. Juniper Networks Junos OS is a network operating system specifically designed for the company’s hardware devices. This operating system provides secure programming interfaces...

6.8CVSS5.8AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

OrangeHRM 安全漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained security...

5.3CVSS5.8AI score0.00165EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 10:7 a.m.16 views

CVE-2026-24096

CVE-2026-24096 affects Checkmk and stems from insufficient permission validation on multiple REST API Quick Setup endpoints. The vulnerability allows low-privileged users to perform unauthorized actions or obtain sensitive information in Checkmk 2.5.0 (beta) before 2.5.0b2 and 2.4.0 before 2.4.0p...

8.8CVSS5.9AI score0.00236EPSS
Exploits0References1Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2026/03/30 12:0 a.m.7 views

NoMachine External Control of File Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of command li...

7.8CVSS6.2AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.7 views

CVE-2026-32034

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

8.1CVSS5.8AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-23814

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 4:53 p.m.5 views

EUVD-2026-14936

Craft CMS: Low-privilege users could read private asset contents when editing an asset IDOR...

7.1CVSS5.8AI score0.00353EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 10:7 p.m.7 views

CVE-2026-32034 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

6.1CVSS6AI score0.00381EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/19 10:7 p.m.12 views

EUVD-2026-13316

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

6.8CVSS5.8AI score0.00381EPSS
Exploits0References3
NVD
NVD
added 2026/03/11 1:16 a.m.9 views

CVE-2026-27247

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00167EPSS
Exploits0References1
Rows per page
Query Builder