Lucene search
K

148 matches found

Cvelist
Cvelist
added 2026/04/17 10:45 a.m.24 views

CVE-2026-5131 Server-Side Request Forgery in GREENmod

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...

6.9CVSS0.00426EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 9:31 a.m.7 views

EUVD-2026-17824

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

4.4CVSS6AI score0.00117EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 7:41 a.m.4 views

CVE-2026-28265

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

4.4CVSS6AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 7:41 a.m.25 views

CVE-2026-28265

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

4.4CVSS0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 7:41 a.m.17 views

CVE-2026-28265

Technical specifics (affected component/versions, root cause, exploit steps, or patch) are not publicly provided in the supplied documents. Monitor Dell PowerStore advisories and external sources for updates.

7.1CVSS6AI score0.00117EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29479

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

4.4CVSS6AI score0.00117EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 4:0 p.m.5 views

GO-2026-4651 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys in github.com/gravitl/netmaker

Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys in github.com/gravitl/netmaker...

8.7CVSS5.8AI score0.00252EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 2:16 p.m.3 views

CVE-2026-32063

OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...

7.8CVSS6.1AI score
Exploits0References3
CVE
CVE
added 2026/03/11 1:32 p.m.17 views

CVE-2026-32063

OpenClaw 2026.2.19-2 is affected by a command injection in systemd unit file generation due to unvalidated CR/LF in attacker-controlled environment values. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of th...

7.8CVSS6AI score0.01075EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 1:32 p.m.2 views

CVE-2026-32063 OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation

OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...

7.1CVSS6AI score0.01075EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-24673

Summary A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...

8.6CVSS6.1AI score0.01075EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/02/28 7:47 a.m.10 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.3AI score0.00763EPSS
Exploits2References1
EUVD
EUVD
added 2026/02/27 6:31 a.m.11 views

EUVD-2026-8999

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS5.9AI score0.00763EPSS
Exploits2References3
OSV
OSV
added 2026/02/27 5:18 a.m.5 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.3AI score
Exploits0References3
OSV
OSV
added 2026/02/27 5:18 a.m.3 views

UBUNTU-CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.7AI score0.00763EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/02/27 4:56 a.m.24 views

CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS0.00763EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2026/01/12 5:30 p.m.277 views

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

CVE-2025-31324 Proof-of-Concept 0day for SAP NetWeaver created...

10CVSS7.5AI score0.99359EPSS
Exploits19
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.5 views

CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...

7CVSS8.1AI score0.00545EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.18 views

CVE-2020-23897

A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service DoS via a crafted tga file...

5.5CVSS6.7AI score0.00545EPSS
Exploits0References1
OSV
OSV
added 2025/12/30 12:16 p.m.4 views

OESA-2025-2880 usbmuxd security update

usbmuxd is a socket daemon to multiplex connections from and to iOS devices.It allows multiple services on the device to be accessed simultaneously. Security Fixes: A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before...

5.7CVSS6.6AI score0.00132EPSS
Exploits1References2
Rows per page
Query Builder