16978 matches found

RedhatCVE
added 2026/01/17 12:23 a.m. | 6 views

CVE-2025-61937

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...

10 CVSS | 8.2 AI score | 0.01508 EPSS
Exploits: 0 | References: 1

OSV
added 2026/01/16 7:16 p.m. | 6 views

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

7.5 CVSS | 6 AI score | 0.00681 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/16 7:9 p.m. | 2 views

CVE-2021-47842 StudyMD 0.3.2 - Persistent Cross-Site Scripting

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code...

7.2 CVSS | 7.1 AI score | 0.00409 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/16 7:9 p.m. | 3 views

CVE-2021-47840 Moeditor 0.2.0 - Persistent Cross-Site Scripting

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on t...

7.2 CVSS | 7.2 AI score | 0.00409 EPSS
Exploits: 0 | References: 4

OSV
added 2026/01/16 11:59 a.m. | 7 views

OESA-2026-1116 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

7.8 CVSS | 7.3 AI score | 0.00544 EPSS
Exploits: 1 | References: 5

GithubExploit
added 2026/01/16 10:20 a.m. | 150 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-59287 - WSUS / SCCM RCE Based on the original exploi...

9.8 CVSS | 7.3 AI score | 0.99962 EPSS
Exploits: 24

Huntr
added 2026/01/16 8:47 a.m. | 11 views

H2O-3 PostgreSQL Driver RCE - Bypassing CVE-2025-6544 Mitigation

Description: A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The current security mitigation implemented in H2O-3 relies on a parameter blacklist mechanism that exclusively targets MySQL JDBC...

9.8 CVSS | 6.9 AI score | 0.00938 EPSS
Exploits: 2

OSV
added 2026/01/16 2:16 a.m. | 4 views

CVE-2025-61937

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...

10 CVSS | 6.4 AI score | 0.01508 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/01/16 12:4 a.m. | 27 views

CVE-2025-61937 AVEVA Process Optimization Code Injection

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...

10 CVSS | 0.01508 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/16 12:4 a.m. | 5 views

CVE-2025-61937 AVEVA Process Optimization Code Injection

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...

10 CVSS | 7.8 AI score | 0.01508 EPSS
Exploits: 0 | References: 4

CVE
added 2026/01/16 12:4 a.m. | 20 views

CVE-2025-61937

CVE-2025-61937 affects AVEVA Process Optimization. The flaw allows unauthenticated remote code execution via the taoimr service, potentially fully compromising the model application server. CVSS metrics in the documents show CRITICAL impact. Remediation details or fixed versions are not provided ...

10 CVSS | 7.8 AI score | 0.01508 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/01/16 12:0 a.m. | 4 views

SnipCommand security vulnerability

SnipCommand is a command snippet manager developed by Güray Yarar. Version 0.1.0 of SnipCommand contains a security vulnerability that allows for the injection of malicious payloads into command snippets, potentially leading to remote command execution...

6.1 CVSS | 5.8 AI score | 0.00378 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

MiracleLinux 4 : firefox-24.4.0-1.0.1.AXS4 (AXSA:2014-175:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-175:02 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

10 CVSS | 8.6 AI score | 0.83633 EPSS
Exploits: 17 | References: 11

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

KB5073379: Windows Server 2025 Security Update (January 2026)

The remote Windows host is missing security update 5073379. It is, therefore, affected by multiple vulnerabilities - Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network. CVE-2026-20854 - An issue was discovered in...

9.8 CVSS | 7.9 AI score | 0.1911 EPSS
Exploits: 5 | References: 82

Cvelist
added 2026/01/15 3:52 p.m. | 21 views

CVE-2021-47758 Chikitsa Patient Management System 2.0.2 - Remote Code Execution (RCE) (Authenticated)

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...

8.8 CVSS | 0.00838 EPSS
Exploits: 1 | References: 4

The Hacker News
added 2026/01/15 1:56 p.m. | 9 views

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before...

9.8 CVSS | 8.2 AI score | 0.06431 EPSS
Exploits: 2

GithubExploit
added 2026/01/15 4:46 a.m. | 199 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerabil...

9.8 CVSS | 7.9 AI score | 0.99869 EPSS
Exploits: 23

Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002142)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002142 advisory. Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote...

9 CVSS | 8.4 AI score | 0.07123 EPSS
Exploits: 0 | References: 10

Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003203)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003203 advisory. The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...

8 CVSS | 7.1 AI score | 0.16181 EPSS
Exploits: 12 | References: 16

RedhatCVE
added 2026/01/14 1:22 a.m. | 7 views

CVE-2026-0500

Due to the usage of vulnerable third-party component in SAP Wily Introscope Enterprise Manager WorkStation, an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope...

9.6 CVSS | 7.1 AI score | 0.00351 EPSS
Exploits: 0 | References: 1