Lucene search
K

1886 matches found

Nuclei
Nuclei
added 14 hours ago70 views

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

9.8CVSS7.8AI score0.99288EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago12 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS5.9AI score0.00843EPSS
Exploits0References2
OSV
OSV
added yesterday3 views

UBUNTU-CVE-2026-53361

In the Linux kernel, the following vulnerability has been resolved: afunix: Set gcinprogress to true in unixgc. Igor Ushakov reported that unixgc could run with gcinprogress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unixschedulegc...

5.8AI score0.00171EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-53361

A flaw was found in the Linux kernel's afunix component. A race condition exists within the unixgc garbage collection function where the gcinprogress flag may not be correctly set. This could lead to unixpeekfpl misinterpreting garbage collection status when handling MSGPEEK operations, potential...

7CVSS5.9AI score0.00171EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago59 views

Progress Telerik Report Server - Authentication Bypass

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. id: CVE-2024-4358 info: name: Progress Telerik Report Server - Authenticatio...

9.9CVSS7.4AI score0.97482EPSS
Exploits14References3
Nuclei
Nuclei
added 2 days ago235 views

Reflected XSS - Telerik Reporting Module

Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...

6.1CVSS7AI score0.09642EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2 days ago8 views

SUSE CVE-2026-53361

In the Linux kernel, the following vulnerability has been resolved: afunix: Set gcinprogress to true in unixgc. Igor Ushakov reported that unixgc could run with gcinprogress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unixschedulegc...

5.8AI score0.00171EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41668

In the Linux kernel, the following vulnerability has been resolved: afunix: Set gcinprogress to true in unixgc. Igor Ushakov reported that unixgc could run with gcinprogress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unixschedulegc...

5.8AI score0.00171EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41660

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References7
Nuclei
Nuclei
added 3 days ago15 views

Progress ShareFile Storage Zones Controller - Authentication Bypass

Customer Managed ShareFile Storage Zones Controller SZC contains an authentication bypass Execution After Redirect that allows unauthenticated attackers to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. id: CVE-2026-2699 inf...

9.8CVSS7.6AI score0.49424EPSS
Exploits1References3
CVE
CVE
added 5 days ago12 views

CVE-2026-9272

CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References1Affected Software1
Nuclei
Nuclei
added 5 days ago91 views

Progress Kemp Flowmon - Command Injection

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. id: CVE-2024-2389 info: nam...

10CVSS7.5AI score0.93901EPSS
Exploits7References5
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40906

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2026/06/30 7:38 a.m.12 views

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037 , carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run...

9.6CVSS7.8AI score0.29641EPSS
Exploits1
Nuclei
Nuclei
added 2026/06/30 4:56 a.m.194 views

Progress Kemp LoadMaster - Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. id: CVE-2024-1212 info: name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote...

10CVSS7.7AI score0.95388EPSS
Exploits9References5
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:17 a.m.9 views

xfrm: espintcp: do not reuse an in-progress partial send

...

7.8CVSS5.8AI score0.0012EPSS
Exploits0
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.16 views

WS_FTP Server - Insecure Deserialization

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...

10CVSS7.7AI score0.9015EPSS
Exploits5References5
EUVD
EUVD
added 2026/06/25 9:31 a.m.8 views

EUVD-2026-39186

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 a.m.9 views

CVE-2026-10824

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

6.5CVSS0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:0 a.m.31 views

CVE-2026-10824 Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

0.00164EPSS
Exploits0References1
Rows per page
Query Builder