Lucene search
K

206326 matches found

NVD
NVD
added 4 hours ago6 views

CVE-2026-48316

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS
Exploits0References1
EUVD
EUVD
added 5 hours ago8 views

EUVD-2022-49110

Open Babel has out-of-bounds write in MOPAC translationVectors UNIT CELL TRANSLATION...

9.8CVSS6.7AI score0.00816EPSS
Exploits1References5
NVD
NVD
added 5 hours ago4 views

CVE-2025-53829

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive ...

8CVSS
Exploits0References1
NVD
NVD
added 5 hours ago5 views

CVE-2025-53827

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...

9.1CVSS
Exploits0References1
CVE
CVE
added 7 hours ago8 views

CVE-2025-53829

ownCloud 10 before 10.15.3 is vulnerable to a path traversal flaw that an administrator can exploit to execute arbitrary code. The CVE-2025-53829 entry notes a patch is available in version 10.15.3 or later. CVSS v3.1 score is 8.0 (HIGH) with network attack vector, high complexity, required privi...

8CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago6 views

CVE-2025-53829 ownCloud 10 is vulnerable to Relative Path Traversal

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive ...

8CVSS
Exploits0References1
CVE
CVE
added 7 hours ago7 views

CVE-2025-53828

CVE-2025-53828 describes a SSRF vulnerability in SharePoint for ownCloud prior to 0.4.1 (affecting ownCloud 10 prior to 10.15.3). An attacker with administrative privileges can trigger SSRF to execute arbitrary code on the system. The fixed version is SharePoint for ownCloud 0.4.1, delivered with...

8.5CVSS6.4AI score
Exploits0References1
CVE
CVE
added 7 hours ago8 views

CVE-2025-53827

ownCloud Core Updater on versions prior to 10.15.3 exposes a dangerous method/function. Attackers with administrative privileges may leverage it to execute arbitrary code. The issue is fixed in 10.15.3 (CVSSv3.1: 9.1, CRITICAL; network, high impact on confidentiality, integrity, and availability).

9.1CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-41875

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.3CVSS6.3AI score
Exploits0References4
BDU FSTEC
BDU FSTEC
added 9 hours ago12 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 9 hours ago16 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00709EPSS
Exploits1References11Affected Software9
BDU FSTEC
BDU FSTEC
added 9 hours ago13 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00425EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 12 hours ago5 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS7.5AI score0.00668EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 13 hours ago3 views

CVE-2026-12252

A flaw was found in the nltk library. Several Stanford interface classes within nltk are susceptible to arbitrary code execution. This vulnerability allows a local attacker to execute malicious code by providing an untrusted Java Archive JAR file, as the system lacks integrity verification for...

7.8CVSS6.4AI score0.0015EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 17 hours ago3 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.2AI score0.004EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 17 hours ago6 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS7AI score0.00431EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 18 hours ago4 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.5AI score0.01131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 18 hours ago6 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.9AI score0.00308EPSS
Exploits0References7
Nuclei
Nuclei
added 18 hours ago66 views

eyoucms v.1.6.5 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. id: CVE-2024-22927 info: name: eyoucms v.1.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS...

6.1CVSS6.7AI score0.01028EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago28 views

shadoweb wdja v1.5.1 - Cross-Site Scripting

shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. id: CVE-2020-20982 info: name: shadoweb wdja v1.5.1 - Cross-Site Scripting author:...

9.6CVSS7.4AI score0.06095EPSS
Exploits0References3
Rows per page
Query Builder