Lucene search
K

5313 matches found

Vulnrichment
Vulnrichment
added 2026/06/03 3:16 p.m.14 views

CVE-2026-42317 GLPI vulnerable to arbitrary files deletion by technician

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

7CVSS5.9AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 3:16 p.m.17 views

CVE-2026-42317

Product: GLPIVulnerability: Arbitrary files deletion by a technicianAffected versions: from 0.78 up to, but not including, 10.0.25 and 11.0.7Root cause/condition: Webserver must have write rights on the target files; a logged-in technician can delete arbitrary files from the filesystemImpact (as ...

7CVSS5.9AI score0.00346EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:16 p.m.7 views

CVE-2026-42317

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

7CVSS5.9AI score0.00346EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/03 3:16 p.m.47 views

CVE-2026-42317 GLPI vulnerable to arbitrary files deletion by technician

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

7CVSS0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45956

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

7CVSS5.9AI score0.00346EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 4:16 a.m.17 views

CVE-2026-48187

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

5.7CVSS0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 3:33 a.m.26 views

EUVD-2026-33553

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

5.7CVSS5.8AI score0.00201EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.9 views

Apache Airflow < 3.2.0 Multiple Vulnerabilities

The version of Apache Airflow installed on the remote host is prior to 3.2.0. It is, therefore, affected by multiple vulnerabilities, including: - DAG authors who normally should not be able to execute code in the webserver context can craft an XCom payload causing the webserver to execute...

8.8CVSS6.3AI score0.00822EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/05/14 12:37 a.m.137 views

minalic-exploit-2013

MinaliC Webserver version...

6AI score
Exploits0
NVD
NVD
added 2026/05/12 10:16 p.m.16 views

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS0.00351EPSS
Exploits1References1
NVD
NVD
added 2026/05/12 10:16 p.m.30 views

CVE-2026-42854

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS0.00571EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 9:56 p.m.43 views

CVE-2026-42854 arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS0.00571EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:56 p.m.11 views

CVE-2026-42854

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/12 9:56 p.m.21 views

CVE-2026-42854

Summary: The Arduino-ESP32 core is affected by a stack overflow in the WebServer multipart boundary parser. A boundary derived from the HTTP header (Content-Type: multipart/form-data; boundary=...) with length &gt; ~8000 can overflow the 8192-byte loopTask stack, potentially enabling remote code ...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 9:56 p.m.35 views

CVE-2026-42855 arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS0.00351EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 9:56 p.m.11 views

CVE-2026-42855 arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS5.8AI score0.00351EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

arduino-esp32 授权问题漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained an authorization vulnerability. This vulnerability stemmed from the WebServer implementation, whic...

7.5CVSS5.8AI score0.00351EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

arduino-esp32 安全漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from the WebServer multi-part form parser’s...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40454

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/03 4:30 a.m.36 views

CVE-2026-7680 jsbroks COCO Annotator Data Endpoint datasets.py path traversal

A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. The...

5.3CVSS0.00467EPSS
Exploits0References4
Rows per page
Query Builder