Lucene search
K

160 matches found

Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.15 views

PT-2026-25700

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS6.4AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2026/03/07 3:2 p.m.19 views

CVE-2026-29185

Backstage's CVE-2026-29185 affects the SCM URL parsing logic in the Backstage integration component. Before version 1.20.1, encoded path traversal sequences could be included in SCM URLs and, when processed by integration functions that construct API URLs, cause traversal segments to redirect req...

2.7CVSS5.7AI score0.00348EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/27 9:40 p.m.21 views

CVE-2026-27167 Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visi...

0.00453EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/27 9:40 p.m.2 views

CVE-2026-27167 Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visi...

6AI score0.00453EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.7 views

Copeland XWEB PRO 操作系统命令注入漏洞

Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...

8.8CVSS6.2AI score0.01897EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 10:34 p.m.4 views

CVE-2026-28215

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP settings by sending a single HTTP POST request wi...

9.1CVSS5.8AI score0.00455EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.6 views

CVE-2026-25760

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

6.5CVSS5.5AI score0.00485EPSS
Exploits1References1
NVD
NVD
added 2026/02/06 10:16 p.m.10 views

CVE-2026-25760

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

6.5CVSS0.00485EPSS
Exploits1References2
NVD
NVD
added 2026/02/05 7:16 a.m.11 views

CVE-2026-1246

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...

4.9CVSS0.00519EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/07 4:10 p.m.4 views

EUVD-2026-1415

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

6.9CVSS6.3AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.10 views

CVE-2019-12753

An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The maliciou...

4.9CVSS6.2AI score0.00999EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-2205

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The credentials needed to access the device’s web server are transmitted in base64 within the HTTP headers. Base64 encoding is not a secure encryption method, allowing an attacker intercepting the we...

6.9CVSS6.5AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2025/10/25 6:15 a.m.7 views

CVE-2025-11879

The GenerateBlocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getoptionrest' function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with contributor level access and above, to read...

6.5CVSS0.00269EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2004-2315

Malware in sbrugna...

5CVSS6.4AI score0.014EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-4023

Malware in sbrugna...

8.1CVSS8.1AI score0.01143EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-21440

Malware in sbrugna...

9.8CVSS9.2AI score0.01474EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3019

Malware in sbrugna...

4.3CVSS6.2AI score0.00375EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-6626

Malware in sbrugna...

7.8CVSS7.9AI score0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-24468

Malware in sbrugna...

5.3CVSS4.8AI score0.00991EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-3652

Malware in sbrugna...

1.9CVSS6.4AI score0.00275EPSS
Exploits0References2
Rows per page
Query Builder