Lucene search
K

42 matches found

Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59721 Hoppscotch: Admin RCE via MAILER_SMTP_URL nodemailer sendmail-transport injection

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS0.00518EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 2:31 p.m.46 views

CVE-2025-53827 ownCloud Core: Updater has an exposed dangerous method or function

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...

9.1CVSS0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 9:45 p.m.4 views

CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

6.4CVSS5.9AI score0.00198EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/17 5:54 a.m.4 views

OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries

Overview The UPS Uninterruptible Power Supply management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries due to an issue with uncontrolled search path element CWE-427, CVE-2026-5397. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References5
CVE
CVE
added 2026/03/26 6:54 a.m.14 views

CVE-2026-28760

The vulnerability CVE-2026-28760 affects RATOC RAID Monitoring Manager for Windows. The installer loads DLLs by searching the current directory, enabling a user-directed crafted DLL to be loaded during installation, which may allow arbitrary code execution with administrator privileges. The issue...

8.4CVSS7.3AI score0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 8:13 a.m.4 views

CVE-2026-26050

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

8.4CVSS5.8AI score0.0016EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.7 views

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2CVSS6.2AI score0.00481EPSS
Exploits0References1
NCSC
NCSC
added 2026/02/11 11:34 a.m.11 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS Versions 7.0 to 7.6.4, 7.4.0 to 7.4.9, and 7.2.0 to 7.2.11. The vulnerabilities include an Authentication Bypass that allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on specific configuratio...

8.1CVSS5.8AI score0.01365EPSS
Exploits2References4
CVE
CVE
added 2026/02/10 9:58 a.m.13 views

CVE-2026-25655

CVE-2026-25655 affects SINEC NMS prior to 4.0 SP2. The issue is an improper modification of a configuration file by a low-privileged user, which can be exploited to load malicious DLLs and potentially achieve arbitrary code execution with administrative privileges. From the provided data, attack ...

8.5CVSS6.2AI score0.00238EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/27 9:23 p.m.17 views

CVE-2025-71178

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...

7.1CVSS6.3AI score0.00185EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/25 9:38 a.m.247 views

Exploit for Cross-site Scripting in Mainwp Mainwp_Dashboard

CVE-2016-15041 Testing Environment & Walkthrough Table of...

7.2CVSS7.2AI score0.01228EPSS
Exploits3
CVE
CVE
added 2025/12/12 6:53 a.m.15 views

CVE-2025-67737

CVE-2025-67737 affects AzuraCast versions 0.23.1, where an API endpoint intended for internal use by sftpgo was exposed in the public HTTP API (at /api/internal/sftp-event). A user with valid SFTP credentials and knowledge of the station’s internal filesystem can craft a tailored HTTP request to ...

3.7CVSS6.1AI score0.00213EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/12/12 6:53 a.m.37 views

CVE-2025-67737 AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...

3.1CVSS0.00213EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.7 views

PT-2025-47269

Name of the Vulnerable Software and Affected Versions Serv-U versions prior to 15.5.3 Description A Path Restriction Bypass exists in Serv-U that allows a malicious actor with administrative privileges to execute code on a directory. This requires administrative privileges to exploit. On Windows...

9.1CVSS7.4AI score0.01006EPSS
Exploits0References18
NVD
NVD
added 2025/11/06 8:15 p.m.5 views

CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3CVSS0.00638EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.32 views

EUVD-2025-30242

Malicious code in bioql PyPI...

8CVSS6.3AI score0.00599EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/09/25 11:28 p.m.3 views

SUSE CVE-2025-9079

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

7.2CVSS8.1AI score0.00599EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/21 7:24 p.m.6 views

CVE-2025-9079

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS8AI score0.00599EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-44547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege...

9.1CVSS7.1AI score0.00695EPSS
Exploits0References2
OSV
OSV
added 2024/08/14 12:35 p.m.5 views

GHSA-8FRP-PXQ2-3GPQ Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

8.4CVSS7.8AI score0.01529EPSS
Exploits0References3
Rows per page
Query Builder