Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 3:0 p.m.6 views

CVE-2026-55477

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

7.2CVSS6.4AI score0.00342EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 3:0 p.m.22 views

CVE-2026-55477

3X-UI before version 3.3.1 is affected. An authenticated administrator can abuse the database import functionality to write arbitrary files on the host by altering Xray configuration values stored in the database, enabling code execution and persistent access as the Xray process user (including r...

7.2CVSS6.4AI score0.00342EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 3:0 p.m.4 views

CVE-2026-55477 Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

7.2CVSS6.5AI score0.00342EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:0 p.m.33 views

CVE-2026-55477 Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

7.2CVSS0.00342EPSS
Exploits0References1
Rows per page
Query Builder