Lucene search
K

3652 matches found

Nuclei
Nuclei
added 4 days ago76 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS7.6AI score0.87575EPSS
Exploits2References5
CVE
CVE
added 6 days ago14 views

CVE-2026-1433

The CVE-2026-1433 issue affects uniFLOW Universal Login Manager (ULM) Standalone. An information disclosure vulnerability allows an authenticated administrator to access sensitive configuration data via the ULM Remote User Interface (RUI). The exposure can reveal SMTP/LDAP integration configurati...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 6:53 a.m.7 views

EUVD-2026-40929

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6CVSS5.9AI score0.01129EPSS
Exploits0References2
Metasploit
Metasploit
added 2026/06/25 7:5 p.m.154 views

SMB to Meterpreter Upgrade via PsExec

Upgrades an authenticated SMB session to a Meterpreter session using PsExec techniques. This module uploads a service-wrapped executable payload to the ADMIN$ share via the existing authenticated SMB connection, then creates and starts a Windows service that executes the payload. This mirrors the...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/25 4:1 p.m.11 views

CVE-2026-9086

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 12:12 p.m.11 views

CVE-2026-56222

Capgo before 12.128.2 has an authorization bypass in POST /private/role_bindings due to failure to verify app_id ownership during app-scoped role binding creation. An administrator in one organization can create role bindings targeting apps owned by other organizations, enabling unauthorized read...

8.6CVSS6AI score0.00356EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.13 views

EUVD-2026-37206

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS5.4AI score0.00921EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:36 p.m.14 views

CVE-2026-22313

The CVE-2026-22313 entry concerns Radiflow iSAP Smart Collector. A webserver exposes a REST API on the management network protected only by a token. An OS command injection vulnerability allows an authenticated attacker to execute arbitrary commands as the underlying OS user with administrative p...

9.1CVSS5.4AI score0.00921EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:47 a.m.9 views

CVE-2026-11849 IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials

The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database...

9.8CVSS5.4AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 3:20 p.m.8 views

USN-8424-1 ubuntu-kylin-software-center vulnerability

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges...

5.5AI score
Exploits0References2
NVD
NVD
added 2026/06/08 6:16 p.m.14 views

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS0.00907EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 5:21 p.m.14 views

EUVD-2026-35176

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS6AI score0.00907EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 5:21 p.m.42 views

CVE-2026-8913 Command Injection in TP-Link's Archer MR600 WireGuard Client Configuration

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS0.00907EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.9 views

CVE-2025-40901

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...

5.9CVSS5.5AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2026-25600

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS5.5AI score0.00065EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-20136

A vulnerability in the CLI of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

6CVSS5.5AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.16 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS7.4AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 11:16 a.m.18 views

CVE-2026-25600

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS0.00065EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:37 a.m.12 views

CVE-2026-25600 Credential Exposure Vulnerability in Trac PDBM

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS5.8AI score0.00065EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Ivanti Neurons for ITSM 访问控制错误漏洞

Ivanti Neurons for ITSM is a reliable and powerful IT service management solution from the American company Ivanti. Ivanti Neurons for ITSM has a vulnerability related to access control. This vulnerability stems from improper access control practices, which may allow remote authentication attacke...

8.8CVSS5.5AI score0.0144EPSS
Exploits0References1
Rows per page
Query Builder