Lucene search
K

3179 matches found

Vulnrichment
Vulnrichment
added 2026/04/14 4:57 p.m.5 views

CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability

...

7CVSS6.2AI score0.00186EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.4 views

Cisco IOS XE Software Release 3E HTTP Server DoS (cisco-sa-ios-http-dos-sbv8XRpL)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A denial of service DoS vulnerability exists in Cisco IOS XE Software due to improper validation of user-supplied input. An authenticated remote attacker can exploit this issue, via sending malformed...

7.7CVSS5.9AI score0.0028EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.13 views

uac 操作系统命令注入漏洞

UAC is a Unix system forensics and incident response tool developed by Thiago Canozzo Lahr. Versions of UAC prior to 3.3.0-rc1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the runcommand function, which directly passed the constructed...

8.5CVSS6AI score0.00726EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.8 views

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS5.9AI score0.00436EPSS
Exploits1References1
NVD
NVD
added 2026/04/03 9:17 p.m.12 views

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS0.00436EPSS
Exploits1References3
CVE
CVE
added 2026/04/03 8:20 p.m.11 views

CVE-2026-28766

CVE-2026-28766 refers to Gardyn Cloud API missing authentication for a critical function. The initial description and related documents confirm that a specific endpoint exposes all user account information for registered Gardyn users without requiring authentication, enabling potential confidenti...

9.3CVSS5.9AI score0.00436EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 8:20 p.m.3 views

CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS5.9AI score0.00436EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30231

Name of the Vulnerable Software and Affected Versions Gardyn affected versions not specified Description A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. Recommendations At the moment, there is no information about a newer...

9.3CVSS5.9AI score0.00436EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.3 views

PT-2026-29952

Fleet's user account creation via invite does not enforce invited email address in github.com/fleetdm/fleet...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 3:30 p.m.75 views

CVE-2026-22561

CVE-2026-22561 concerns Anthropic Claude for Windows installer (Claude Setup.exe). The vulnerability arises from Uncontrolled search path elements, where the installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling local privilege escalation via DLL search-ord...

7.8CVSS6.4AI score0.00177EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-22901

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...

9.8CVSS6.1AI score0.00949EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.5 views

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.4AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.10 views

PT-2026-27799

Name of the Vulnerable Software and Affected Versions Cisco IOS Software and Cisco IOS XE Software Release 3E Description A flaw exists in the HTTP Server feature that could allow a remote attacker with valid user credentials to cause an unexpected device reload, leading to a denial of service Do...

7.7CVSS6AI score0.0028EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/20 6:31 p.m.5 views

EUVD-2026-13722

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...

8.7CVSS6.1AI score0.00949EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 4:21 p.m.3 views

CVE-2026-22901

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...

8.7CVSS6.1AI score0.00949EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.8 views

PT-2026-26641

Name of the Vulnerable Software and Affected Versions QuNetSwitch versions prior to 2.0.5.0906 Description A command injection issue exists in QuNetSwitch. Successful exploitation allows a remote attacker who has obtained a user account to execute arbitrary commands. Recommendations Update to...

9.8CVSS6.2AI score0.00949EPSS
Exploits0References6
Veracode
Veracode
added 2026/03/16 12:24 p.m.6 views

Improper Authentication

ZITADEL is vulnerable to Improper Authentication. The vulnerability is due to improper enforcement of organization login policies during the federation auto-linking process, which allows an attacker to authenticate through a disabled identity provider and link their external identity to an existi...

9.8CVSS5.8AI score0.00472EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:23 p.m.5 views

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.3AI score0.00151EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 8:2 a.m.4 views

CVE-2024-14026 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

5.4CVSS6AI score0.00624EPSS
Exploits0References1
CVE
CVE
added 2026/03/06 11:22 p.m.14 views

CVE-2026-1644

CVE-2026-1644 pertains to the WP Frontend Profile plugin for WordPress, affected through version 1.3.8. The root cause is missing nonce validation in the update_action function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to influence user account registrations (app...

4.3CVSS5.8AI score0.0016EPSS
Exploits0References4
Rows per page
Query Builder