
18647 matches found

NVD
added 2026/05/07 4:16 p.m. | 10 views

CVE-2026-5786

An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access...

8.8 CVSS | 0.00714 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/07 12:0 a.m. | 15 views

PT-2026-38451

Name of the Vulnerable Software and Affected Versions: Ivanti EPMM versions prior to 12.6.1.1; Ivanti EPMM versions prior to 12.7.0.1; Ivanti EPMM versions prior to 12.8.0.1. Description: Improper Access Control allows a remote authenticated attacker to gain administrative access. Recommendations: Upda...

8.8 CVSS | 6 AI score | 0.00714 EPSS
Exploits: 0 | References: 12
EUVD
added 2026/04/30 6:35 p.m. | 7 views

EUVD-2026-26412

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

7.5 CVSS | 5.7 AI score | 0.00547 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/24 7:41 p.m. | 3 views

CVE-2026-6967 Missing Delegated Metadata Validation in awslabs/tough

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1 CVSS | 5.3 AI score | 0.00246 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/18 12:0 a.m. | 8 views

PT-2026-33604

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥 Several vulnerabilities in Synology DiskStation Manager (DSM) allow a remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary...

5.8 AI score
Exploits: 0 | References: 1
CVE
added 2026/04/16 4:40 a.m. | 8 views

CVE-2023-3634

The CVE-2023-3634 issue affects Festo MSE6-C2M/D2M/E2M in the MSE6 product-family. A remote authenticated, low-privileged attacker could use functions in an undocumented test mode, potentially causing a complete loss of confidentiality, integrity and availability. Affected components: MSE6-C2M, M...

8.8 CVSS | 5.8 AI score | 0.00504 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/14 2:15 p.m. | 5 views

CVE-2026-4914

Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required...

5.7 CVSS | 5.8 AI score | 0.00586 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/14 2:15 p.m. | 9 views

CVE-2026-4914

Ivanti N‑ITSM is affected (before version 2025.4) by a Stored XSS vulnerability that requires user interaction and authenticated access. An attacker can remotely obtain limited information from other user sessions, with a Confidentiality impact of Low and no Availability impact (CVSS v3.1 base 5....

5.4 CVSS | 5.8 AI score | 0.00345 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/04/14 2:10 p.m. | 23 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

5.7 CVSS | 0.00586 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/14 2:10 p.m. | 4 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

5.7 CVSS | 5.8 AI score | 0.00586 EPSS
Exploits: 0 | References: 1
CVE
added 2026/04/14 2:10 p.m. | 11 views

CVE-2026-4913

CVE-2026-4913 involves Ivanti N-ITSM prior to 2025.4, where an improper protection of an alternate path could let a remote authenticated attacker retain access even after their account is disabled. The CVSS 3.1 base metrics reflect a Network attack vector with low attack complexity and required p...

5.7 CVSS | 5.8 AI score | 0.00586 EPSS
Exploits: 0 | References: 1
OSV
added 2026/04/13 2:33 p.m. | 3 views

JLSEC-2026-92

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array...

6.5 CVSS | 7 AI score | 0.02107 EPSS
Exploits: 0 | References: 12
EUVD
added 2026/04/09 3:35 p.m. | 4 views

EUVD-2026-20908

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

7.1 AI score | 0.00417 EPSS
Exploits: 0 | References: 2
NVD
added 2026/04/09 3:16 p.m. | 8 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

7.2 CVSS | 0.00417 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/09 2:27 p.m. | 4 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

5.8 AI score | 0.00417 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/09 2:27 p.m. | 2 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

7.1 AI score | 0.00417 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/09 2:22 p.m. | 2 views

CVE-2026-4112

Improper neutralization of special elements used in an SQL command ("SQL Injection") in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

7.1 AI score | 0.00613 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/07 11:1 p.m. | 5 views

CVE-2026-5708

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

8.8 CVSS | 5.9 AI score | 0.00841 EPSS
Exploits: 1 | References: 1
NVD
added 2026/04/06 10:16 p.m. | 3 views

CVE-2026-5707

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

8.8 CVSS | 0.00994 EPSS
Exploits: 1 | References: 3
CVE
added 2026/04/06 9:25 p.m. | 10 views

CVE-2026-5707

Technical details (vulnerable component, root cause, affected versions, exploitation) are not publicly provided in the supplied documents. Monitor for updates.

8.8 CVSS | 6.2 AI score | 0.00994 EPSS
Exploits: 1 | References: 3 | Affected Software: 1