
954504 matches found

CVE
added 2026/06/25 3:26 p.m. | 10 views

CVE-2026-48945

The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...

CVSS 5.3 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/06/25 3:25 p.m. | 13 views

CVE-2026-48946

CVE-2026-48946 affects the K2 frontend Joomla extension (getk2.com) prior to version 2.26. The issue allows a K2 Author to upload a PHP file (e.g., shell.php) via the article-attachment upload path; Apache mod_php executes the file under the K2 web user, enabling arbitrary PHP code execution in t...

CVSS 6.3 | AI score 6.1 | EPSS 0.00167
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/25 3:25 p.m. | 34 views

CVE-2026-48946 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard mod_php matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

EPSS 0.00167
Exploits: 0 | References: 1
NVD
added 2026/06/25 3:16 p.m. | 8 views

CVE-2026-57587

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVSS 6.3 | EPSS 0.00339
Exploits: 0 | References: 1
NVD
added 2026/06/25 3:16 p.m. | 7 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to a URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

CVSS 2.1 | EPSS 0.00308
Exploits: 0 | References: 1
NVD
added 2026/06/25 3:16 p.m. | 8 views

CVE-2026-49319

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

CVSS 6.9 | EPSS 0.0024
Exploits: 0 | References: 2
RedHat Linux
added 2026/06/25 3:13 p.m. | 5 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

CVSS 8.2 | AI score 5.9 | EPSS 0.00558
Exploits: 0 | References: 5
CVE
added 2026/06/25 2:29 p.m. | 9 views

CVE-2026-57535

CVE-2026-57535 describes a vulnerability in PDF rendering contexts where HTML content (including <img> tags) can be injected. If an <img> tag src points to a URL, the rendering engine may fetch the image, potentially leaking information about the rendering server and enabling an SSRF-like vector in the loc...

CVSS 2.1 | AI score 5.9 | EPSS 0.00308
Exploits: 0 | References: 1
NVD
added 2026/06/25 2:16 p.m. | 5 views

CVE-2026-54823

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

CVSS 9.9 | EPSS 0.00426
Exploits: 0 | References: 1
NVD
added 2026/06/25 2:16 p.m. | 6 views

CVE-2026-49506

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

CVSS 7.2 | EPSS 0.00548
Exploits: 0 | References: 1
NVD
added 2026/06/25 2:16 p.m. | 8 views

CVE-2026-41120

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

CVSS 9.8 | EPSS 0.00255
Exploits: 0 | References: 1
Cvelist
added 2026/06/25 2:11 p.m. | 35 views

CVE-2026-49319 Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

CVSS 6.9 | EPSS 0.0024
Exploits: 0 | References: 2
Vulnrichment
added 2026/06/25 2:11 p.m. | 7 views

CVE-2026-49319 Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

CVSS 6.9 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 2
EUVD
added 2026/06/25 2:11 p.m. | 7 views

EUVD-2026-39417

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

CVSS 6.9 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 1
CVE
added 2026/06/25 2:11 p.m. | 21 views

CVE-2026-49319

CVE-2026-49319 concerns a roll-back attack on a Remote Keyless Entry System (RKES) using the 433 MHz key fob with FCC ID CWTR53R0 from ALPS ALPINE CO., LTD. The described vulnerability allows an attacker within RF range to record two consecutive lock/unlock transmissions and replay them to cause ...

CVSS 6.9 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 2
EUVD
added 2026/06/25 1:47 p.m. | 4 views

EUVD-2026-39408

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVSS 6.3 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 1
CVE
added 2026/06/25 1:47 p.m. | 9 views

CVE-2026-57587

The CVE-2026-57587 entry describes a SQL injection in Nessus affecting the scan results database. An unauthenticated remote attacker who controls reverse DNS records for a scanned host can inject malicious SQL, potentially exfiltrating scan-result data. The connected documents specify Nessus as t...

CVSS 6.3 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/06/25 1:47 p.m. | 7 views

CVE-2026-57587 SQL Injection in Nessus via Reverse DNS Lookup

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVSS 6.3 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 1
Cvelist
added 2026/06/25 1:28 p.m. | 34 views

CVE-2026-41120

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

CVSS 9.8 | EPSS 0.00255
Exploits: 0 | References: 1
EUVD
added 2026/06/25 1:28 p.m. | 35 views

EUVD-2026-39395

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

CVSS 9.8 | AI score 6 | EPSS 0.00255
Exploits: 0 | References: 1