Lucene search
K

300 matches found

EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42637

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2026-27060

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.37 views

CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-54971

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 2:16 p.m.12 views

CVE-2025-33128

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

5.4CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 6:16 p.m.15 views

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS0.0008EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 5:52 p.m.36 views

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS0.0008EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 5:52 p.m.10 views

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS5.3AI score0.0008EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 2:27 p.m.42 views

CVE-2026-49938

Fortinet FortiPortal is affected by an improper access control vulnerability (CVE-2026-49938) impacting FortiPortal versions 7.4.0–7.4.7, 7.2.0–7.2.8, and all 7.0 versions. The issue is described as improper access control with an attack vector placeholder, indicating a possible exposure where an...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39809

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...

6.7CVSS5.8AI score0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-8431

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

9.4CVSS5.8AI score0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 3:32 a.m.10 views

CVE-2026-48209 Reflected XSS in authenticated agent context

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

7.1CVSS6AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 3:32 a.m.37 views

CVE-2026-48209 Reflected XSS in authenticated agent context

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

7.1CVSS0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45265

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

7.1CVSS6AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 12:0 a.m.9 views

UBUNTU-CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from potential null pointer dereferencing when handling AFINET/AFINET6 socket mediation,...

3.3CVSS5.8AI score0.00094EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/28 12:0 a.m.19 views

CVE-2026-47327

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...

3.3CVSS5.8AI score0.00091EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Qemu

In QEMU, the softmmu/physmem.c file, versions up to 7.0.0, can perform an uninitialized read on the translatefail path, resulting in an ioreadx or iowritex crash. NOTE: A third-party report states that the “Non-virtualization Use Case” described in the qemu.org reference applies here. In other...

8.8CVSS7.6AI score0.00656EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

oinone-pamirs 命令注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a command injection vulnerability. This vulnerability stems from the CommandHelper.executeCommands method, which initiates shell processes and directly writes the...

7.3CVSS6AI score0.01414EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:32 p.m.12 views

EUVD-2026-30112

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References2
Rows per page
Query Builder