
45 matches found

CVE
added 2026/06/19 2:16 p.m. · 10 views

CVE-2016-20085

The CVE-2016-20085 entry affects Realtek High Definition Audio Driver version 6.0.1.6730 and describes an unquoted service path privilege-escalation vulnerability. An attacker could place a malicious executable in the unquoted service path and restart the Realtek service to execute code with Loca...

8.5 CVSS · 6 AI score · 0.00114 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/06/05 6:14 a.m. · 16 views

CVE-2026-4035

A flaw was found in MLflow. This vulnerability allows an attacker to exfiltrate sensitive server-side environment credentials. It occurs because the AI Gateway secrets can resolve environment variables, which are then sent to an attacker-controlled endpoint. This could lead to unauthorized access...

9.1 CVSS · 5.6 AI score · 0.00435 EPSS
Exploits 1 · References 5
RedhatCVE
added 2026/05/22 1:6 p.m. · 11 views

CVE-2026-43617

A flaw was found in rsync. When an rsync daemon is configured with "daemon chroot = /X" and uses hostname-based access control lists (ACLs), and the chrooted directory /X lacks necessary DNS resolution files, a remote attacker can bypass hostname-based deny rules. This occurs because the daemon...

6.3 CVSS · 5.8 AI score · 0.00282 EPSS
Exploits 0 · References 3
RedhatCVE
added 2026/04/21 11:46 a.m. · 5 views

CVE-2026-39946

A flaw was found in OpenBao. When OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, it failed to use proper database quoting on schema names. This oversight could lead to role revocation failures or, in rarer instances, allow a management user to perform SQL injectio...

4.9 CVSS · 5.8 AI score · 0.00235 EPSS
Exploits 0 · References 4
RedhatCVE
added 2026/04/10 7:12 a.m. · 5 views

CVE-2026-34500

A flaw was found in Apache Tomcat where OCSP-based certificate validation may incorrectly soft-fail during CLIENTCERT authentication, even when soft-fail is disabled, under certain FFM-related execution paths. This can result in client certificates being accepted despite failed or unverifiable...

6.5 CVSS · 5.7 AI score · 0.00469 EPSS
Exploits 0 · References 4
RedhatCVE
added 2026/04/10 7:7 a.m. · 4 views

CVE-2026-25854

A flaw was found in Apache Tomcat. This open redirect vulnerability allows an attacker to redirect a user to an untrusted site. This occurs through the LoadBalancerDrainingValve, which can be exploited to manipulate URL redirection. The primary impact is that users may be unknowingly directed to...

6.1 CVSS · 5.8 AI score · 0.00526 EPSS
Exploits 0 · References 4
RedhatCVE
added 2026/04/07 2:13 p.m. · 7 views

CVE-2026-35030

A flaw was found in LiteLLM, a proxy server for Large Language Model (LLM) APIs. When JSON Web Token (JWT) authentication is enabled, the OIDC user information cache uses a truncated portion of the token as a cache key. An unauthenticated attacker can exploit this by crafting a JWT with the same...

9.4 CVSS · 5.8 AI score · 0.0049 EPSS
Exploits 1 · References 4
RedhatCVE
added 2026/02/20 4:29 p.m. · 7 views

CVE-2026-21620

A flaw was found in Erlang OTP tftpfile modules. This vulnerability allows an attacker to exploit a weakness in how file paths are handled, known as Relative Path Traversal. By manipulating these paths, an attacker could gain unauthorized access to sensitive files on the system, potentially leadi...

4.2 CVSS · 5.8 AI score · 0.00461 EPSS
Exploits 0 · References 9
RedhatCVE
added 2026/02/10 7:6 p.m. · 4 views

CVE-2026-0966

The API function sshgethexa is vulnerable when 0-length input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used...

6.5 CVSS · 6.5 AI score · 0.00582 EPSS
Exploits 0 · References 4
Metasploit
added 2025/11/26 6:53 p.m. · 398 views

IGEL OS Privilege Escalation (via systemd service)

Escalate privileges for IGEL OS Workspace Edition sessions, by modifying network-manager.service using setupcmd SUID and network, then restarting the service. Module Options msf use exploit/linux/local/igelnetworkprivesc msf exploitigelnetworkprivesc show targets ...targets... msf...

5.8 AI score
Exploits 0
Oracle linux
added 2025/10/07 12:0 a.m. · 11 views

open-vm-tools security update

12.3.5-2.0.1.el8.1 - Fix spaces in vmware udev rule for scsi devices Orabug: 24461968 - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. Orabug: 22815019 - Increase timeout for scsi devices on VMWare guests by adding a udev rule. Orabug: 21819156 12.3.5-2.el8.1 -...

7.8 CVSS · 7.2 AI score · 0.0788 EPSS
Exploits 3
Tenable Nessus
added 2025/08/25 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-12105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component,...

8.2 CVSS · 7.6 AI score · 0.02283 EPSS
Exploits 0 · References 2
CNNVD
added 2025/07/02 12:0 a.m. · 4 views

Nokia Single RAN Security Vulnerability

Nokia Single RAN is a wireless network technology from Nokia Finland. A security vulnerability exists in Nokia Single RAN 24R1-SR version prior to 1.0 MP, which originates from a stack overflow that could result in a restart of a service component...

4.2 CVSS · 6.8 AI score · 0.00168 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/01/08 12:0 a.m. · 5 views

PT-2025-2786 · Txone Networks · Txone Networks Portable Inspector +1

Name of the Vulnerable Software and Affected Versions: TXOne Networks Portable Inspector version 1.0.0 TXOne Networks Portable Inspector Pro Edition version 1.0.0 Description: The issue is related to improper input validation in the Management Program of TXOne Networks Portable Inspector and...

6.9 CVSS · 7.3 AI score · 0.00425 EPSS
Exploits 0 · References 6
OSV
added 2024/07/10 11:15 p.m. · 3 views

CVE-2024-6036

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

9.1 CVSS · 7.4 AI score
Exploits 0 · References 1
GithubExploit
added 2024/07/02 11:5 a.m. · 1147 views

Exploit for Race Condition in Openbsd Openssh

OpenSSH CVE-2024-6387 A vulnerability CVE-2024-6387 has bee...

8.1 CVSS · 8.4 AI score · 0.99506 EPSS
Exploits 68
NVD
added 2019/09/10 5:15 p.m. · 10 views

CVE-2019-12105

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inethttpserver, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The...

8.2 CVSS · 8.2 AI score · 0.02283 EPSS
Exploits 0 · References 3
OSV
added 2019/09/10 5:15 p.m. · 5 views

CVE-2019-12105

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inethttpserver, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The...

8.2 CVSS · 8 AI score
Exploits 0 · References 3
OSV
added 2019/06/27 4:15 p.m. · 3 views

CVE-2019-7226

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the...

8.8 CVSS · 5.8 AI score · 0.0526 EPSS
Exploits 2 · References 4
Veeam
added 2018/07/03 12:54 p.m. · 15 views

Veeam Backup & Replication plug-in missing in vSphere HTML5 Web Client after upgrade to VMware vSphere 6.7

Challenge After installing Veeam 9.5 Update 3a and simultaneous upgrade of vSphere from 6.5 to 6.7 Veeam vSphere Web Client Plugin might stop working for vSphere HTML5 Web Client. However it is still operational in vSphere Flash/Flex Web Client. The issue is only reproducible in case the plugin w...

6.7 AI score
Exploits 0