16979 matches found

VulnCheck KEV
added 2026/01/14 12:0 a.m. | 24 views

VulnCheck KEV: CVE-2021-25281

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...

9.8 CVSS | 5.8 AI score | 0.72945 EPSS
In wild | Exploits 5 | References 2

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : samba-3.0.24-10AX (AXSA:2008-78:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-78:02 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files and printers...

7.5 CVSS | 8.9 AI score | 0.69085 EPSS
Exploits 2 | References 2

Tenable Nessus
added 2026/01/14 12:0 a.m. | 10 views

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.5-2.2.1.AXS4 (AXSA:2012-909:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-909:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2012-0547 Unspecified vulnerability in the Java Runtime Environment (JRE)...

10 CVSS | 9.2 AI score | 0.98536 EPSS
Exploits 10 | References 5

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : lynx-2.8.5-28.1.1.1AXS3 (AXSA:2008-523:02)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2008-523:02 advisory. Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx...

10 CVSS | 7.8 AI score | 0.0506 EPSS
Exploits 1 | References 4

Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 3 : lynx-2.8.5-28.1.1.1AXS3 (AXSA:2008-473:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2008-473:01 advisory. Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx...

10 CVSS | 7.8 AI score | 0.0506 EPSS
Exploits 1 | References 4

Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 3 : vim-7.0.109-4.4z.1AXS3 (AXSA:2008-498:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-498:01 advisory. VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very...

9.3 CVSS | 7.7 AI score | 0.15044 EPSS
Exploits 6 | References 7

NVD
added 2026/01/13 11:15 p.m. | 5 views

CVE-2023-54329

Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload t...

9.8 CVSS | 0.01034 EPSS
Exploits 1 | References 4

RedhatCVE
added 2026/01/13 10:52 p.m. | 3 views

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

10 CVSS | 6.2 AI score | 0.37867 EPSS
Exploits 1 | References 1

Vulnrichment
added 2026/01/13 5:57 p.m. | 6 views

CVE-2026-20950 Microsoft Excel Remote Code Execution Vulnerability

...

7.8 CVSS | 6.6 AI score | 0.00429 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/01/13 1:13 a.m. | 3 views

CVE-2026-0500 Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)

Due to the usage of a vulnerable third-party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public-facing URL. When a victim clicks on the URL the accessed Wily Introscope...

9.6 CVSS | 6.8 AI score | 0.00351 EPSS
Exploits 0 | References 2

CNNVD
added 2026/01/13 12:0 a.m. | 4 views

4images code injection vulnerability

4images is an image management system from the German company 4images. A code injection vulnerability exists in 4images version 1.9, which stems from a remote command execution vulnerability in the template editing feature that could lead to the execution of arbitrary commands...

8.6 CVSS | 6.1 AI score | 0.01088 EPSS
Exploits 1 | References 4

CNNVD
added 2026/01/13 12:0 a.m. | 4 views

NanoCMS code injection vulnerability

NanoCMS is a lightweight content management system by individual developer kalyan02. A code injection vulnerability exists in NanoCMS version 0.4, which stems from an unauthenticated file upload vulnerability in the page content creation feature that could lead to remote code execution...

8.8 CVSS | 6.2 AI score | 0.01112 EPSS
Exploits 1 | References 4

CVE
added 2026/01/12 2:27 a.m. | 188 views

CVE-2025-52694

CVE-2025-52694 affects Advantech WISE-IoTSuite/SaaS Composer with an unauthenticated SQL Injection in the filename parameter of the URL path, using unsafe PostgreSQL queries. The Nuclei template details the vulnerable endpoint (displays/{filename}.json?org_id=) and notes that an attacker can inje...

10 CVSS | 6.3 AI score | 0.37867 EPSS
Exploits 1 | References 1 | Affected Software 5

Vulnrichment
added 2026/01/12 12:0 a.m. | 3 views

CVE-2025-66802

Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell php into imagem of the user enabling RCE...

6.6 AI score | 0.00791 EPSS
Exploits 2 | References 2

EUVD
added 2026/01/12 12:0 a.m. | 4 views

EUVD-2026-1912

A SQL injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

9.1 CVSS | 7.9 AI score | 0.00354 EPSS
Exploits 1 | References 2

Positive Technologies
added 2026/01/12 12:0 a.m. | 11 views

PT-2026-2042

Name of the Vulnerable Software and Affected Versions: code-projects Online Music Site version 1.0. Description: A security flaw exists in code-projects Online Music Site 1.0. The issue involves a SQL injection impacting an unknown function within the file /Administrator/PHP/AdminUpdateUser.php...

9.8 CVSS | 7.4 AI score | 0.00326 EPSS
Exploits 1 | References 11

Cvelist
added 2026/01/11 5:2 a.m. | 22 views

CVE-2026-0837 UTT 进取 520W formFireWall strcpy buffer overflow

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor...

9 CVSS | 0.03409 EPSS
Exploits 1 | References 4

Cvelist
added 2026/01/09 4:14 p.m. | 20 views

CVE-2025-46645

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralizatio...

6.5 CVSS | 0.01409 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 12:52 p.m. | 7 views

CVE-2014-4305

Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5 CVSS | 8.7 AI score | 0.01883 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 12:47 p.m. | 9 views

CVE-2005-1128

Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries...

7.5 CVSS | 9 AI score | 0.01111 EPSS
Exploits 0 | References 1