Lucene search
K

121364 matches found

BDU FSTEC
BDU FSTEC
added 12 hours ago18 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 12 hours ago17 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago86 views

XStream 1.4.18 - Arbitrary Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7AI score0.143EPSS
Exploits0References5
Nuclei
Nuclei
added 16 hours ago48 views

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.2AI score0.02995EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago22 views

WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. id: CVE-2018-17207 info: name:...

9.8CVSS7.2AI score0.58794EPSS
Exploits4References2
Nuclei
Nuclei
added 16 hours ago330 views

Yii 2 < 2.0.38 - Remote Code Execution

Yii 2 yiisoft/yii2 before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize on arbitrary user input. id: CVE-2020-15148 info: name: Yii 2 2.0.38 - Remote Code Execution author: pikpikcu severity: critical description: Yii 2 yiisoft/yii2 before version 2.0....

10CVSS7.5AI score0.78759EPSS
Exploits0References5
Nuclei
Nuclei
added 16 hours ago73 views

shadoweb wdja v1.5.1 - Cross-Site Scripting

shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. id: CVE-2020-20982 info: name: shadoweb wdja v1.5.1 - Cross-Site Scripting author:...

9.6CVSS7.2AI score0.06095EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago13 views

WP User Manager – User Profile Builder & Membership - Local File Inclusion

WP User Manager – User Profile Builder & Membership plugin for WordPress = 2.9.17 contains a local file inclusion caused by improper handling in the profile template scope function, letting unauthenticated attackers execute arbitrary PHP code, exploit requires ability to upload or control PHP...

7.5CVSS6.3AI score0.02403EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago80 views

Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion

A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server. id: CVE-2024-10516 info: name: Swift Performance Lite 2.3.7.2 - Local PHP Fil...

8.1CVSS7.4AI score0.06479EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago39 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.6AI score0.03223EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago18 views

idcCMS V1.60 - Cross-Site Scripting

idcCMS V1.60 is vulnerable to reflected cross-site scripting XSS via the idName parameter in read.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2024-11587 info: name: idcCMS V1.60 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.1AI score0.00886EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago39 views

Joomla! Portfolio Nexus - Remote File Inclusion

Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF comifnexus component that allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2009-4679 info: name: Joomla! Portfol...

7.5CVSS6.3AI score0.07866EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago36 views

TOTOLINK CX-A3002RU - Remote Code Execution

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...

6.8CVSS6.4AI score0.0379EPSS
Exploits0References4
Cvelist
Cvelist
added 23 hours ago6 views

CVE-2026-0487 DLL Hijacking vulnerability in SAProuter on Microsoft Windows

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS
Exploits0References2
CVE
CVE
added 23 hours ago6 views

CVE-2026-0487

CVE-2026-0487 concerns SAProuter on Microsoft Windows, where an unauthenticated attacker can load DLLs from an untrusted location, enabling arbitrary code execution through DLL hijacking. The root cause is improper DLL loading behavior that can be hijacked to execute malicious code, impacting con...

8.4CVSS6.4AI score
Exploits0References2
EUVD
EUVD
added 23 hours ago6 views

EUVD-2026-43583

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS6.4AI score
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: nginx:1.24 security, bug fix, and enhancement update

An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS7.4AI score0.03459EPSS
Exploits1References2
NVD
NVD
added yesterday3 views

CVE-2026-22097

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...

9.3CVSS0.0027EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday3 views

DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution

A flaw was found in DBI, a Perl database interface. This vulnerability allows an attacker to trigger a buffer overflow by manipulating error messages within an application. When specific error handling options are active, an attacker can provide oversized error text, which may lead to arbitrary...

9.8CVSS6.5AI score0.00376EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday3 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume...

8.1CVSS6.1AI score0.00407EPSS
Exploits0References6
Rows per page
Query Builder