Lucene search
K

87140 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/23 6:17 a.m.5 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS6AI score0.00144EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 6:17 a.m.3 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS7.3AI score0.00144EPSS
Exploits0References2
CVE
CVE
added 2026/04/23 6:17 a.m.24 views

CVE-2026-34488

Technical details beyond the high-level description are not publicly available in the provided documents. Monitor for updates from the listed references for affected products, vulnerable components, and remediation guidance.

7.3CVSS6AI score0.00144EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 6:0 a.m.29 views

CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 4:15 a.m.4 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS5.7AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 4:15 a.m.12 views

CVE-2026-40529

CVE-2026-40529 involves a SQL injection in the CMS ALAYA provided by KANATA Limited. The vulnerability allows an attacker who has access to the administrative interface to obtain or alter information stored in the database. The connected sources (NVD/CVELIST) describe the affected product and the...

5.1CVSS5.8AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 4:15 a.m.30 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 4:15 a.m.4 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS5.8AI score0.00161EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/23 4:0 a.m.33 views

CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS0.00264EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/23 4:0 a.m.8 views

EUVD-2026-25188

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS5.8AI score0.00264EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.6 views

SUSE CVE-2026-31493

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in...

6.4CVSS5.6AI score0.00127EPSS
Exploits0References13
EUVD
EUVD
added 2026/04/23 12:31 a.m.9 views

EUVD-2026-25133

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5CVSS5.5AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 12:16 a.m.7 views

CVE-2026-4917

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

4.9CVSS0.00356EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 12:16 a.m.6 views

DEBIAN-CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.4AI score0.34734EPSS
Exploits1References1
NVD
NVD
added 2026/04/23 12:16 a.m.4 views

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS0.34734EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.5 views

PT-2026-34770

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.11 views

PT-2026-34867

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.6 Apache ActiveMQ versions 6.0.0 through 6.2.4 Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache...

9CVSS6.1AI score0.0098EPSS
Exploits0References35
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.7 views

i-PRO IP Setting Software 代码问题漏洞

i-PRO IP Setting Software is a management tool developed by the Japanese company i-PRO, designed for discovering devices and configuring network parameters in bulk. The i-PRO IP Setting Software has a code vulnerability related to the DLL search path. This vulnerability may lead to the insecure...

7.3CVSS7.3AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation vulnerability in the chat.send endpoint, allowing gatekeepers with write...

8.8CVSS5.8AI score0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34636

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS5.7AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder