Lucene search
K

350 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/05 5:53 p.m.6 views

CVE-2026-45745

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00168EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.24 views

PT-2026-47020

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The 'POST /ssh/tunnel/connect' endpoint allows persistent OS command injection on the...

9.8CVSS5.5AI score0.01729EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Arcadia Crafty Controller 安全漏洞

Arcadia Crafty Controller is a server management panel developed under the open-source Crafty Controller project. There is a security vulnerability in Arcadia Crafty Controller. This vulnerability stems from a lack of resilience to unexpected messages from connection switches, which may lead to...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 8:16 p.m.13 views

CVE-2026-8360

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 5:16 a.m.16 views

CVE-2026-9056

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user...

5.4CVSS0.00178EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 4:35 a.m.12 views

EUVD-2026-31060

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user...

5.4CVSS5.5AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 4:35 a.m.11 views

CVE-2026-9056 Security fix for Qlik Talend Administration Center cross-site scripting vulnerability

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user...

5.4CVSS5.5AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 4:35 a.m.13 views

CVE-2026-9056

Talend Administration Center is affected by a stored XSS vulnerability (CVE-2026-9056). An attacker with server-management permissions can store an XSS payload that is triggered when another user visits the affected interface. Documented as stored XSS with user interaction required; no explicit e...

5.4CVSS5.5AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

Talend Administration Center 安全漏洞

Talend Administration Center is a web-based application developed by Talend Corporation in the United States. It allows for centralized management of workspaces. Talend Administration Center has a security vulnerability that stems from stored XSS payloads. This vulnerability could be exploited by...

5.4CVSS5.8AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft Windows Admin Center 安全漏洞

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. There are security vulnerabilities in Microsoft Windows Admin Center. Attackers can exploit these vulnerabilities to gain higher...

8.3CVSS5.8AI score0.00558EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36924

ITEMS ADDED: Filters Add filter for Atmos PM-5173 Filters Add filter for audio layout PM-5118 Filters Add filters for video, audio, and subtitle codecs PM-5117 Metadata Add support for RottenTomatoes audience and average ratings to Nfo parser PM-5176 Metadata Detect Dolby Atmos PM-4004 Metadata...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/02 8:0 a.m.10 views

Malicious code in ams-ssk (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 31 published versions 1.0.0 through 1.0.33 are malicious. Pairs with common-tg-service, which performs the client-side Telegram account takeover. ams-ssk is the...

5.9AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/01 3:25 a.m.85 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 Auto Exploit !Pythonhttps://img.shields.io/...

9.8CVSS5.5AI score0.981EPSS
Exploits64
NVD
NVD
added 2026/04/20 9:16 p.m.10 views

CVE-2026-33432

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...

9.1CVSS0.00423EPSS
Exploits1References2
NVD
NVD
added 2026/04/12 10:16 p.m.4 views

CVE-2026-6130

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

7.5CVSS0.01368EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/12 10:0 p.m.4 views

CVE-2026-6130

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

7.5CVSS5.5AI score0.01368EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/04/12 10:0 p.m.16 views

CVE-2026-6130

CVE-2026-6130 affects chatboxai up to version 1.20.0, impacting the StdioClientTransport function in src/main/mcp/ipc-stdio-transport.ts within the Model Context Protocol Server Management System. The root cause is a flaw where manipulating the argument list (args/env) enables os command injectio...

7.5CVSS6.7AI score0.01368EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

ajenti 安全漏洞

Ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Versions of Ajenti prior to 2.2.15 contained security vulnerabilities, which stemmed from the ability for unauthenticated users to install custom packages...

7.2CVSS5.8AI score0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:6 p.m.6 views

EUVD-2026-18354

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS5.9AI score0.003EPSS
Exploits0References2
NVD
NVD
added 2026/03/18 12:16 a.m.7 views

CVE-2026-27811

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowed authenticated users to execute arbitrary system commands on the app host. The vulnerability...

8.8CVSS0.02037EPSS
Exploits1References3
Rows per page
Query Builder