Lucene search
+L

3727 matches found

snyk
snyk
added 2026/06/12 7:9 p.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage backend, such as the cache store or sysregistry...

9.3CVSS6.1AI score0.00215EPSS
Exploits0References2
vulncheck_kev
vulncheck_kev
added 2026/06/12 12:0 a.m.53 views

VulnCheck KEV: CVE-2026-25939

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...

9.3CVSS5.4AI score0.11393EPSS
In wildExploits1References3
ibm
ibm
added 2026/06/11 3:44 p.m.5 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033

Summary IBM Maximo Scheduler Optimizer uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

7.5CVSS7.7AI score0.00808EPSS
Exploits8Affected Software1
ibm
ibm
added 2026/06/10 2:8 p.m.6 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867

Summary IBM Maximo Scheduler Optimizer uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...

7.5CVSS5.5AI score0.00496EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/06/10 12:21 p.m.9 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540

Summary IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3...

6.1CVSS7.4AI score0.0034EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/09 1:16 p.m.9 views

UBUNTU-CVE-2026-46319

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

7.8CVSS5.3AI score0.00125EPSS
Exploits0References3
osv
osv
added 2026/06/08 11:7 p.m.7 views

GHSA-8GHR-W65F-J3QR FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions

Summary An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators. Details The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications. As a...

6.3CVSS5.7AI score0.00048EPSS
Exploits0References3
github
github
added 2026/06/08 11:7 p.m.13 views

FUXA's scheduler API missing admin check enables operator-to-admin escalation via scheduled device actions

Summary An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators. Details The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications. As a...

5.7AI score0.00048EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.18 views

PT-2026-47559

Summary An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators. Details The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications. As a...

6.3CVSS5.7AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.16 views

PT-2026-47618

Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.3.2 Description An authorization issue in the Scheduler API allows authenticated non-admin users to create or modify scheduled actions that are restricted to administrators. The API fails to correctly enforce...

6.3CVSS5.6AI score0.00048EPSS
Exploits0References5
nessus
nessus
added 2026/06/08 12:0 a.m.16 views

SUSE SLES16 Security Update : kernel (SUSE-SU-2026:21845-1)

The remote SUSE Linux SLES16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21845-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058:...

9.8CVSS7AI score0.0138EPSS
Exploits19References659
nessus
nessus
added 2026/06/06 12:0 a.m.18 views

EulerOS Virtualization 2.12.1 : kernel (EulerOS-SA-2026-2077)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : netfilter: ctnetlink: remove refcounting in expectation dumpersCVE-2025-39764 nvme: nvme-fc: Ensure -ioerrwork is cancelled in...

9.8CVSS6.2AI score0.0071EPSS
Exploits0References103
redhatcve
redhatcve
added 2026/06/05 7:51 p.m.12 views

CVE-2025-62188

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

7.5CVSS5.3AI score0.00521EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:46 p.m.11 views

CVE-2026-37600

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/viewdetails.php...

2.7CVSS5.7AI score0.0019EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:30 p.m.10 views

CVE-2026-24176

NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:26 p.m.10 views

CVE-2026-48900

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.4AI score0.00154EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41552

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

9.2CVSS5.5AI score0.00497EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41553

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed...

10CVSS5.8AI score0.00648EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:15 p.m.12 views

CVE-2026-24177

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure...

7.7CVSS5.4AI score0.00235EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:10 p.m.11 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS5.8AI score0.00389EPSS
Exploits0References1
Rows per page
Query Builder