Lucene search
+L

3945 matches found

nuclei
nuclei
added yesterday20 views

KevinLAB BEMS (Building Energy Management System) - Backdoor Account

KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...

9CVSS6.9AI score0.06719EPSS
Exploits2References2
nuclei
nuclei
added yesterday12 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.1AI score0.0203EPSS
Exploits1References3
attackerkb
attackerkb
added yesterday5 views

CVE-2026-12979

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

5.5CVSS6.2AI score0.00139EPSS
Exploits0References1
cve
cve
added yesterday9 views

CVE-2026-12979

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

5.5CVSS6.2AI score0.00139EPSS
Exploits0References1
nvd
nvd
added 3 days ago3 views

CVE-2026-15429

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be abl...

5.1CVSS0.00394EPSS
Exploits0References2
osv
osv
added 2026/07/09 4:16 p.m.4 views

ALPINE-CVE-2026-23562

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS6.2AI score0.0014EPSS
Exploits0References1
nvd
nvd
added 2026/07/09 8:16 a.m.7 views

CVE-2026-31981

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
nvd
nvd
added 2026/07/09 7:16 a.m.8 views

CVE-2026-47840

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS0.00132EPSS
Exploits0References1
osv
osv
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1688 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

Impact A Nautobot user with admin privileges can modify the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages or specifically on...

7.5CVSS5.9AI score0.00606EPSS
Exploits1References9
nozomi
nozomi
added 2026/07/07 12:0 a.m.5 views

HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

Summary A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. Impact An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data throug...

5.9CVSS5.9AI score0.00142EPSS
Exploits0Affected Software2
nvd
nvd
added 2026/07/06 4:16 p.m.10 views

CVE-2025-53828

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS0.00232EPSS
Exploits0References1
cve
cve
added 2026/07/06 2:46 p.m.19 views

CVE-2025-53829

ownCloud 10 before 10.15.3 is vulnerable to a path traversal flaw that an administrator can exploit to execute arbitrary code. The CVE-2025-53829 entry notes a patch is available in version 10.15.3 or later. CVSS v3.1 score is 8.0 (HIGH) with network attack vector, high complexity, required privi...

8CVSS6.2AI score0.00335EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/06 2:41 p.m.49 views

CVE-2025-53828 SharePoint for ownCloud 10 is vulnerable to Server-Side Request Forgery (SSRF)

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS0.00232EPSS
Exploits0References1
cve
cve
added 2026/07/06 2:41 p.m.18 views

CVE-2025-53828

CVE-2025-53828 describes a SSRF vulnerability in SharePoint for ownCloud prior to 0.4.1 (affecting ownCloud 10 prior to 10.15.3). An attacker with administrative privileges can trigger SSRF to execute arbitrary code on the system. The fixed version is SharePoint for ownCloud 0.4.1, delivered with...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/06 2:41 p.m.6 views

CVE-2025-53828

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References2Affected Software2
cve
cve
added 2026/07/06 2:31 p.m.17 views

CVE-2025-53827

ownCloud Core Updater on versions prior to 10.15.3 exposes a dangerous method/function. Attackers with administrative privileges may leverage it to execute arbitrary code. The issue is fixed in 10.15.3 (CVSSv3.1: 9.1, CRITICAL; network, high impact on confidentiality, integrity, and availability).

9.1CVSS6.1AI score0.00342EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.13 views

PT-2026-55940

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 10.15.3 Description An attacker with administrative privileges can exploit a path traversal issue to execute arbitrary code. Path traversal is a flaw that allows an attacker to access files and directories that are...

8CVSS6.3AI score0.00335EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.11 views

PT-2026-55939

Name of the Vulnerable Software and Affected Versions SharePoint for ownCloud versions prior to 0.4.1 ownCloud 10 versions prior to 10.15.3 Description An attacker with administrative privileges can exploit a Server-Side Request Forgery SSRF in the SharePoint app to execute arbitrary code on the...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References7
nvd
nvd
added 2026/07/02 5:17 p.m.9 views

CVE-2026-8699

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS0.00177EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/02 4:52 p.m.8 views

CVE-2026-8699

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS6AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder