Lucene search
K

19047 matches found

NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-9772

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS0.01114EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 10:16 p.m.7 views

CVE-2026-9773

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...

8.8CVSS0.01126EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:35 p.m.16 views

CVE-2026-9772

Unraid Web Server FileUpload Command Injection (CVE-2026-9772) allows authenticated attackers to execute arbitrary code on affected installations via a crafted FileUpload.php input, executing a system call as www-data. Root cause: insufficient validation of a user-supplied string before a system ...

8.8CVSS7.8AI score0.01114EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.20 views

CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS0.01114EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 12:0 a.m.3 views

ALSA-2026:28921 Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References4
AlmaLinux
AlmaLinux
added 2026/06/24 12:0 a.m.5 views

Important: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References4
AlmaLinux
AlmaLinux
added 2026/06/24 12:0 a.m.6 views

Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 5:57 p.m.3 views

Security Bulletin:IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

9.8CVSS6.8AI score0.00488EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 4:5 p.m.3 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...

9.8CVSS5.8AI score0.00409EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.16 views

Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload

Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files, exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...

9.8CVSS7.5AI score0.97107EPSS
Exploits15References4
CVE
CVE
added 2026/06/23 12:53 a.m.40 views

CVE-2026-11833

CVE-2026-11833 affects FAST/TOOLS (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04 and CI Server (all packages) from R1.01 to R1.04. The web server may return a response containing CI Server setting information, which could be exploited by an attacker for other attacks. The CVSS4 scor...

8.2CVSS5.7AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 12:0 a.m.2 views

ALSA-2026:28212 Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References4
NVD
NVD
added 2026/06/22 11:16 p.m.9 views

CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.0086EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/22 9:57 p.m.72 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.0086EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 9:57 p.m.3 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.0086EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.11471EPSS
Exploits9References12
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.7 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS6.8AI score0.01325EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6AI score0.00393EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/22 2:16 p.m.7 views

EUVD-2026-38284

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the applicatio...

7.5CVSS6.5AI score0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:16 p.m.33 views

CVE-2026-8858 WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted...

7.5CVSS0.0026EPSS
Exploits0References1
Rows per page
Query Builder