Lucene search
K

5225 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-43500

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

8.1CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday21 views

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

9.8CVSS6.1AI score0.14608EPSS
Exploits10References2
Nuclei
Nuclei
added yesterday17 views

Web-Check < 2.0.1 Screenshot API - OS Command Injection

Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands, exploit requires sending crafted url parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...

9.3CVSS6.3AI score0.19761EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday23 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.1AI score0.8581EPSS
Exploits2References3
NVD
NVD
added yesterday6 views

CVE-2026-15520

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS0.00136EPSS
Exploits0References10
Cvelist
Cvelist
added yesterday17 views

CVE-2026-15516 MacCMS Pro Installation Index.php step5 authorization

A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a...

6.3CVSS0.00274EPSS
Exploits0References6
CVE
CVE
added 2 days ago12 views

CVE-2026-15513

The CVE-2026-15513 vulnerability affects the Wavlink WL-NU516U1 (model 260515) in the CGI handler /cgi-bin/adm.cgi, specifically the wlink_uci_set_value function. An attacker can remotely manipulate the lan_ip argument to trigger an OS command injection. Impact is described as network-accessible ...

6.5CVSS6.5AI score0.01422EPSS
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-49844

Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...

6.3CVSS0.0078EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication authn.method=oidc, authn.oidc.issuer set but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result...

8.1CVSS6.1AI score0.00298EPSS
Exploits0References8
NVD
NVD
added 4 days ago4 views

CVE-2026-40452

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS0.00256EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42833

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42529

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS6AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57111

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS6AI score0.00269EPSS
Exploits0References2
CVE
CVE
added last week23 views

CVE-2026-14904

The CVE concerns AWS RES: an improper link resolution before file access (CWE-59) in Auth.GetUserPrivateKey could allow an authenticated remote user to substitute their SSH private key (~/.ssh/id_rsa) with a symlink and read arbitrary host files on the cluster-manager EC2 instance. Since the clus...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References2
EUVD
EUVD
added last week7 views

EUVD-2026-42056

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-53481

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory 'Path...

9.8CVSS0.00632EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-42040

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command...

7.2CVSS6.2AI score0.01196EPSS
Exploits0References1
CVE
CVE
added last week11 views

CVE-2026-53479

Dell PowerProtect Data Domain is affected: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an OS command injection due to improper neutralization of special elements. A remote high-privileged attacker could exploit this to bypass pr...

7.2CVSS6.2AI score0.01196EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week37 views

CVE-2026-53479

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command...

7.2CVSS0.01196EPSS
Exploits0References1
Cvelist
Cvelist
added last week37 views

CVE-2026-53481

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory 'Path...

9.8CVSS0.00632EPSS
Exploits0References1
Rows per page
Query Builder