Lucene search
K

1127 matches found

OSV
OSV
added 2026/05/19 3:31 p.m.7 views

GHSA-96V6-HQ43-X9H4 GlassFish's Administration Console is Vulnerable to RCE

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

9.1CVSS6.1AI score0.00819EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/13 12:48 a.m.11 views

EUVD-2026-29878

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

6.1AI score0.00461EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 12:48 a.m.12 views

EUVD-2026-29879

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

6AI score0.00457EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 11:16 p.m.19 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

7.2CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 11:16 p.m.15 views

CVE-2026-43685

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

7.2CVSS0.00457EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 10:24 p.m.6 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

6.1AI score0.00461EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 10:24 p.m.39 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

0.00461EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 10:24 p.m.16 views

CVE-2026-43685

CVE-2026-43685 is a Remote Code Execution vulnerability in Claris FileMaker Cloud. An Admin Console user can inject arbitrary operating system commands via unsanitized input in the External ODBC Data Source connection test feature. The issue is fixed in FileMaker Cloud 2.22.0.5. Documents provide...

7.2CVSS6AI score0.00457EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/12 8:52 a.m.5 views

BIT-PGBOUNCER-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-40461

Name of the Vulnerable Software and Affected Versions Claris FileMaker Cloud versions prior to 2.22.0.5 Description A Remote Code Execution issue allows a user with Admin Console privileges to inject arbitrary operating system commands. This occurs due to unsanitized input within the External ODB...

7.2CVSS6AI score0.00457EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40460

Name of the Vulnerable Software and Affected Versions Claris FileMaker Cloud versions prior to 2.22.0.5 Description A Remote Code Execution issue allows a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types. This bypass enables the execution of arbitra...

7.2CVSS6.1AI score0.00461EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.7 views

Claris FileMaker Cloud 安全漏洞

Claris FileMaker Cloud is a cloud platform provided by the American company Claris, designed for enterprise-level low-code database application development and hosting scenarios. Versions of Claris FileMaker Cloud prior to 2.22.0.5 contained security vulnerabilities. These vulnerabilities stemmed...

7.2CVSS6AI score0.00461EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-40291

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL CLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the admin users...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References3
NVD
NVD
added 2026/05/09 1:16 a.m.19 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS0.00287EPSS
Exploits0References1
OSV
OSV
added 2026/05/09 1:16 a.m.4 views

DEBIAN-CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/09 1:16 a.m.10 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 1:16 a.m.4 views

UBUNTU-CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/09 12:43 a.m.12 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/09 12:43 a.m.5 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/09 12:43 a.m.7 views

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References1
Rows per page
Query Builder