Lucene search
K

283 matches found

NVD
NVD
added 2026/07/06 5:16 p.m.9 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS0.00478EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 4:13 p.m.4 views

EUVD-2026-41889

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS6AI score0.00478EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 4:13 p.m.37 views

CVE-2026-40141 High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS0.00478EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-13907

Inappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00212EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.166 views

Ivanti ICS - Authentication Bypass

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. id: CVE-2023-46805 info: name: Ivanti ICS - Authentication Bypass author: DhiyaneshDK,daffainfo,geeknik...

9.1CVSS8.7AI score0.99999EPSS
Exploits23References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Edimax EW-7438RPn 安全漏洞

Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Edimax. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from a parameter manipulation of the function formWlSiteSurvey in the file /goform/formWlSiteSurvey by the webs component, which...

9CVSS7.6AI score0.00445EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/20 1:5 p.m.10 views

firefox: thunderbird: Use-after-free in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the WebRTC component...

7.5CVSS5.7AI score0.004EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

Icinga PHP Library 跨站脚本漏洞

The Icinga PHP Library is an open-source monitoring and metrics solution system’s web component developed by Icinga. Versions of the Icinga PHP Library prior to 0.13.1 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to inject malicious JavaScript into the...

7.6CVSS5.7AI score0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/26 10:0 p.m.4 views

CVE-2026-7061 Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS7.1AI score0.01353EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.10 views

ChatGPT MCP Server 命令注入漏洞

The ChatGPT MCP Server is a MCP server managed through natural language by Toowiredd’s individual developer. Versions of the ChatGPT MCP Server 0.1.0 and earlier had a command injection vulnerability, which stemmed from the os command injection present in the src/services/docker.service.ts file...

7.5CVSS7.1AI score0.01353EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/21 1:16 p.m.5 views

CVE-2026-6747

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.8AI score0.004EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.6 views

CVE-2026-25601

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

6.7CVSS5.9AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.7 views

Photobooth Web-Component 跨站脚本漏洞

Photobooth Web-Component is a software developed by Lukas personally. Versions of Photobooth Web-Component prior to 1.0.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of validation on user input fields, which could lead to cross-site scripting attacks...

5.3CVSS5.6AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 9:21 p.m.7 views

CVE-2025-57793

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

8.6CVSS5.9AI score0.00325EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 5:9 p.m.3 views

CVE-2025-57793

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

8.6CVSS5.9AI score0.00325EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/28 5:9 p.m.5 views

EUVD-2025-206459

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

8.6CVSS5.9AI score0.00325EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.10 views

PT-2026-5144

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

5.9AI score0.00325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.6 views

CVE-2024-34788

An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information...

6.5CVSS7AI score0.00938EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.6 views

Kieback&Peter Neutrino-GLT 操作系统命令注入漏洞

Kieback&Peter Neutrino-GLT is a building management system from Kieback&Peter, Germany. Kieback&Peter Neutrino-GLT suffers from an operating system command injection vulnerability that stems from a shell command injection in the web component SM70 PHWEB login form, which could lead to the executi...

6.9CVSS7.6AI score0.00946EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/11/24 4:24 p.m.6 views

@vex-chat/spire (>=1.0.0 <=2.5.0) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)

@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: - @vex-chat/spire =1.0.0, =2.5.0 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIWEBCOMPONENT-14103281...

5.7AI score
Exploits0
Rows per page
Query Builder