Lucene search
K

517 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/02 5:43 p.m.4 views

CVE-2026-22221

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8.5CVSS6.1AI score0.01293EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/02 5:43 p.m.30 views

CVE-2026-22221 Command Injection Vulnerability on TP-Link Archer BE230 v1.2

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8.5CVSS0.01293EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.8 views

PT-2026-5687

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8.5CVSS5.9AI score0.01423EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.6 views

PT-2026-5686

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

8.5CVSS5.9AI score0.01423EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.7 views

PT-2026-5684

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

8.5CVSS5.9AI score0.01293EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.19 views

PT-2026-5690

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS5.8AI score0.02394EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-5685

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8.5CVSS5.9AI score0.01293EPSS
Exploits0References5
NVD
NVD
added 2026/01/23 9:15 a.m.6 views

CVE-2026-1364

IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities...

9.8CVSS0.00525EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.14 views

PT-2026-3842

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credenti...

8.7CVSS5.7AI score0.00319EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/16 2:23 p.m.5 views

CVE-2026-22640

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

5.5CVSS6.8AI score0.0006EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/15 1:12 p.m.5 views

EUVD-2026-2799

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

5.5CVSS6.3AI score0.0006EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.6 views

PT-2026-3007

Name of the Vulnerable Software and Affected Versions Grafana OSS affected versions not specified Description An access control issue exists in Grafana OSS that allows an Organization administrator to permanently delete the Server administrator account. This is possible when an Organization...

5.5CVSS6.4AI score0.0006EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 11:52 a.m.9 views

CVE-2009-4222

phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request...

7.5CVSS7.2AI score0.02199EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.5 views

emlog 安全漏洞

emlog is emlog open source a set of PHP and MySQL based CMS website building system. A security vulnerability exists in version 2.5.23 of emlog, the vulnerability stems from the administrator can set the control item, which may lead to users can not be edited or deleted after posting articles...

5.1CVSS6.6AI score0.00204EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.5 views

iiCMS 代码注入漏洞

iCMS is a software application. It is an efficient and simple content management system built with PHP and MySQL. A code injection vulnerability exists in iCMS 8.0.0 and earlier versions, which stems from an incorrect operation of the parameter config by the Save function in the POST Parameter...

7.2CVSS5.9AI score0.00404EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.5 views

PT-2025-54436

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...

5.8CVSS7.1AI score0.00404EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.7 views

CVE-2025-34256

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...

10CVSS7.8AI score0.00604EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/05 7:24 p.m.6 views

CVE-2025-7044

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the issuperuser property set to true. The server improperly validates this input, allowing the attacker to...

7.7CVSS6.8AI score0.00237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/03 3:45 p.m.3 views

CVE-2025-7044 Privilege Escalation in MAAS via Websocket Request Manipulation

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the issuperuser property set to true. The server improperly validates this input, allowing the attacker to...

7.7CVSS6.4AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/01 10:24 p.m.5 views

CVE-2025-65276

An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...

9.8CVSS7AI score0.00364EPSS
Exploits0References1
Rows per page
Query Builder