Lucene search
+L

2516 matches found

CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a security vulnerability,...

7.9CVSS5.3AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.11 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 7:56 a.m.13 views

CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS5.7AI score0.00292EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/30 12:26 a.m.140 views

Exploit for CVE-2025-66478

CVE-2025-66478-Research-Proof-of-Concept Overview This re...

7.5AI score
Exploits111
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-30760

An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...

7.3CVSS5.9AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 1:12 p.m.41 views

CVE-2026-8980 Privilege Escalation

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS0.00331EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:38 p.m.10 views

CVE-2026-8364

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS5.8AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 7:38 p.m.16 views

EUVD-2026-32641

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS5.8AI score0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 2:16 a.m.13 views

CVE-2026-4795

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

6.5CVSS0.00234EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:1 a.m.17 views

Malicious code in create-arnext-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67a5229a06132707ff10eb04a5fc2a19abf029ded0d61e1c9d0814f5cb2bb667 The package declares "preinstall": "./.github/scripts/precheck" in package.json, which invokes a 976KB stripped Linux x8664 ELF binary hidden under...

6.2AI score
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

Zyxel GS1200 安全漏洞

The Zyxel GS1200 is a series of switches produced by the Chinese company Zyxel. The Zyxel GS1200 has a security vulnerability that stems from the lack of authorization verification. This vulnerability allows unauthorized attackers, based on the LAN, to read system configurations from log files...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/24 12:51 a.m.17 views

[SECURITY] Fedora 43 Update: python-requests-2.33.1-1.fc43

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python=E2=80=99s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...

5.5CVSS5.8AI score0.00182EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/21 5:11 p.m.11 views

CVE-2026-48247 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...

8.2CVSS5.9AI score0.00173EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 12:38 a.m.13 views

MAL-2026-4626 Malicious code in omnius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2aceac0879b587bc711c3f156bf0de4bab90f3774816a6cbeb36a2cf9bb03e12 The package's postinstall lifecycle hook launches dist/postinstall-daemon.cjs, which combines childprocess.execSync, os.userInfo, filesystem probes,...

5.9AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.18 views

PT-2026-42525

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions...

8.2CVSS5.9AI score0.00173EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in connman

In ConnMan version 1.41, remote attackers who can send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in receiveddata to execute code...

9.8CVSS7.2AI score0.02392EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 5:0 p.m.9 views

CVE-2026-8602

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

8.8CVSS5.9AI score0.00448EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/19 5:0 p.m.36 views

CVE-2026-8602

CVE-2026-8602 affects ScadaBR 1.2.0, described as a Missing Authentication for Critical Function vulnerability that could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings. The connected documents provide concrete details: vulnera...

9.1CVSS5.9AI score0.00448EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/19 5:0 p.m.3 views

CVE-2026-8602 Missing authentication for critical function in ScadaBR

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

8.8CVSS6AI score0.00448EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 9:23 a.m.20 views

EUVD-2026-30859

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
Rows per page
Query Builder