
206143 matches found

RedhatCVE
added 2026/01/17 12:23 a.m., 6 views

CVE-2025-14235

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06....

9.8 CVSS, 7.8 AI score, 0.0083 EPSS
Exploits 0, References 1

Tenable Nessus
added 2026/01/17 12:0 a.m., 3 views

Debian dsa-6103 : thunderbird - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6103 advisory. Debian Security Advisory DSA-6103-1 [email protected]...

9.8 CVSS, 9 AI score, 0.0057 EPSS
Exploits 0, References 29

Tenable Nessus
added 2026/01/17 12:0 a.m., 7 views

RockyLinux 10 : gnupg2 (RLSA-2026:0697)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0697 advisory. GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 Tenable has extracted the preceding descriptio...

7.8 CVSS, 6.4 AI score, 0.00129 EPSS
Exploits 1, References 3

OSV
added 2026/01/16 9:3 p.m., 3 views

GHSA-CC8M-98FM-RC9G Skipper is vulnerable to arbitrary code execution through lua filters

Impact: Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The configuration...

8.8 CVSS, 7.2 AI score, 0.00473 EPSS
Exploits 1, References 5

Snyk
added 2026/01/16 8:52 p.m., 5 views

Arbitrary Code Injection

Overview github.com/zalando/skipper is a HTTP router and reverse proxy for service composition Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...

8.8 CVSS, 6.2 AI score, 0.00473 EPSS
Exploits 1, References 2

Snyk
added 2026/01/16 8:52 p.m., 6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by submitting malicious scripts when untrusted users are permitted to create lua filters...

8.8 CVSS, 6.2 AI score, 0.00473 EPSS
Exploits 1, References 2

Cvelist
added 2026/01/16 8:7 p.m., 20 views

CVE-2026-23742 Skipper arbitrary code execution through lua filters

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The...

8.8 CVSS, 0.00473 EPSS
Exploits 1, References 3

Vulnrichment
added 2026/01/16 8:7 p.m., 5 views

CVE-2026-23742 Skipper arbitrary code execution through lua filters

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The...

8.8 CVSS, 6.3 AI score, 0.00473 EPSS
Exploits 1, References 3

EUVD
added 2026/01/16 8:7 p.m., 4 views

EUVD-2026-2860

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The...

8.8 CVSS, 6.2 AI score, 0.00473 EPSS
Exploits 1, References 5

CVE
added 2026/01/16 7:29 p.m., 22 views

CVE-2026-23722

WeGIA (Web Manager for Charitable Institutions) before version 3.6.2 contains a Reflected Cross-Site Scripting (XSS) flaw in html/memorando/insere_despacho.php where the id_memorando GET parameter is echoed into HTML without proper sanitization/encoding. This allows unauthenticated attackers to i...

9.1 CVSS, 5.4 AI score, 0.00212 EPSS
Exploits 1, References 1, Affected Software 1

NVD
added 2026/01/16 7:16 p.m., 4 views

CVE-2021-47847

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...

8.5 CVSS, 0.00153 EPSS
Exploits 0, References 3

ATTACKERKB
added 2026/01/16 7:9 p.m., 4 views

CVE-2021-47847

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...

8.5 CVSS, 5.7 AI score, 0.00153 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/01/16 7:9 p.m., 23 views

CVE-2021-47847 Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...

8.5 CVSS, 0.00153 EPSS
Exploits 0, References 3

CVE
added 2026/01/16 7:9 p.m., 13 views

CVE-2021-47841

CVE-2021-47841 affects SnipCommand 0.1.0. The issue is a cross-site scripting vulnerability in command snippets that allows an attacker to inject malicious payloads and execute arbitrary code by embedding JavaScript that triggers remote command execution via file or title inputs. Sources across N...

6.1 CVSS, 6.9 AI score, 0.00378 EPSS
Exploits 0, References 4

CVE
added 2026/01/16 7:9 p.m., 8 views

CVE-2021-47828

CVE-2021-47828 relates to BOOTP Turbo 2.0.0.1253, where the Windows service bootpt.exe uses an unquoted service path. The underlying issue is an unquoted path in the service configuration, enabling elevated LocalSystem code execution during startup or reboot. Mitigation is to quote the service pa...

8.5 CVSS, 7.5 AI score, 0.00137 EPSS
Exploits 0, References 3

Cvelist
added 2026/01/16 7:9 p.m., 24 views

CVE-2021-47826 Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\NTI\Acer Backup Manager\ to inject malicious executables that...

8.5 CVSS, 0.0015 EPSS
Exploits 0, References 3

Snyk
added 2026/01/16 5:51 p.m., 4 views

Cross-site Scripting (XSS)

Overview distributed is a Distributed scheduler for Dask Affected versions of this package are vulnerable to Cross-site Scripting XSS via the interaction between Jupyter Lab, jupyter-server-proxy, and the Dask dashboard. An attacker can execute arbitrary code by enticing a user to click a phishin...

7.1 CVSS, 6.4 AI score, 0.00205 EPSS
Exploits 0, References 2

IBM Security Bulletins
added 2026/01/16 2:28 p.m., 14 views

Security Bulletin: A vulnerability in Watson NLP affects IBM Robotic Process Automation which may result in arbitrary code execution (CVE-2025-1550).

Summary: A vulnerability in Watson NLP affects IBM Robotic Process Automation which may result in arbitrary code execution. Watson NLP is used by IBM Robotic Process Automation for Natural Language Processing. This bulletin identifies the fixes required to address the vulnerability. Vulnerability...

9.8 CVSS, 7.8 AI score, 0.02803 EPSS
Exploits 3, Affected Software 1

Snyk
added 2026/01/16 1:53 p.m., 11 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

9.8 CVSS, 6.6 AI score, 0.00571 EPSS
Exploits 0, References 2

OSV
added 2026/01/16 3:16 a.m., 3 views

CVE-2026-1021

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8 CVSS, 6.4 AI score, 0.00636 EPSS
Exploits 0, References 2