Lucene search
+L

364182 matches found

bdu_fstec
bdu_fstec
added 1 hour ago18 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
bdu_fstec
bdu_fstec
added 1 hour ago25 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
bdu_fstec
bdu_fstec
added 1 hour ago17 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
euvd
euvd
added 5 hours ago4 views

EUVD-2026-44898

The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...

8.8CVSS6.3AI score
Exploits0References10
cve
cve
added 5 hours ago14 views

CVE-2026-15008

The CVE concerns The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress. All versions up to and including 7.3.1.4 are affected by an arbitrary file deletion vulnerability caused by insufficient file path validation in the fr_token function, enabling...

8.1CVSS6.5AI score
Exploits0References7
cve
cve
added 7 hours ago9 views

CVE-2026-12979

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

5.5CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday5 views

CVE-2026-52890

CVE-2026-52890 affects Wekan (open-source Kanban, Meteor-based) before version 9.31. A logged-in board member can insert an attachment via the DDP /attachments/insert method using attacker-controlled versions.original.path and versions.original.storage. The insert rule checks only board write acc...

7.1CVSS6.2AI score0.00074EPSS
Exploits0References3
cvelist
cvelist
added yesterday17 views

CVE-2026-52890 Wekan: Arbitrary file read and server DoS via attachment versions.original.path

Wekan is open source kanban built with Meteor. Prior to 9.31, Wekan allows a logged-in board member to insert an attachment document through the /attachments/insert DDP method with attacker-controlled versions.original.path and versions.original.storage fields. The server/permissions/attachments....

7.1CVSS0.00074EPSS
Exploits0References3
cve
cve
added yesterday11 views

CVE-2026-50030

DataEase prior to 2.10.23 exposes the SQL preview path (DatasetDataApi.previewSql/previewSqlCheck) via /de2api/datasetData/previewSql, accepting PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross. The system stores decoded SQL in datasourceRequest.query and CalciteProvider.f...

7.1CVSS6.2AI score0.00025EPSS
Exploits0References3
cve
cve
added yesterday8 views

CVE-2026-45419

DataEase contains an arbitrary file write vulnerability present before version 2.10.23. The flaw resides in template handling: the TemplateManageService#save, StaticResourceServer#saveFilesToServe methods and the /de2api/templateManage/save endpoint accept attacker-controlled staticResource names...

8.5CVSS6.2AI score0.00024EPSS
Exploits0References3
susecve
susecve
added yesterday7 views

SUSE CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

5.2CVSS6.2AI score0.00669EPSS
Exploits0References4
cve
cve
added yesterday10 views

CVE-2026-12997

Summary of CVE-2026-12997 : The Gravity Forms plugin for WordPress is vulnerable to a Directory Traversal flaw in all versions up to and including 2.10.4, exploitable via the gform_uploaded_files parameter. An unauthenticated attacker can read arbitrary server files containing sensitive informati...

7.5CVSS6.2AI score
Exploits0References2
cve
cve
added yesterday18 views

CVE-2026-20296

The provided records identify CVE-2026-20296 as a CSRF-based bypass in Splunk Deployment Server within Splunk Enterprise and Splunk Cloud Platform. Affected versions are Splunk Enterprise below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform below 10.5.2605.0, 10.4.2604.7, 10.3.2512...

8.3CVSS6.2AI score
Exploits0References1
nvd
nvd
added yesterday22 views

CVE-2026-20146

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS
Exploits0References1
cve
cve
added yesterday13 views

CVE-2026-20146

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by CVE-2026-20146. The issue stems from improper validation of user-supplied input, enabling a remote, authenticated attacker (with valid administrative credentials) to perform path traversal via a crafted HTTP request and read or dele...

5.5CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday6 views

CVE-2026-9007

CVE-2026-9007 is a reflected cross-site scripting (XSS) vulnerability in HCL Notes from HCL Software. The issue stems from improper neutralization of input during web page generation, allowing an attacker to execute arbitrary JavaScript in the context of another user. Affected product/version: HC...

5.5CVSS6.3AI score
Exploits0References1
cvelist
cvelist
added yesterday16 views

CVE-2026-9007 Reflected XSS in HCL Notes

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects...

5.5CVSS
Exploits0References1
cvelist
cvelist
added yesterday21 views

CVE-2026-50147 Metabase: Arbitrary File Read via MySQL Connection Property Injection

Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters t...

7.6CVSS0.00037EPSS
Exploits0References1
cve
cve
added yesterday6 views

CVE-2026-50147

Summary : Metabase contains an arbitrary file-read vulnerability in multiple affected releases. From 1.57.0 through 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files on the Metabase host by injecting unsafe JDBC parame...

7.6CVSS6.2AI score0.00037EPSS
Exploits0References1
cve
cve
added yesterday9 views

CVE-2026-50148

Metabase up to versions 1.60.4 is affected by CVE-2026-50148 due to a Snowflake JDBC driver flaw that allows an attacker who can configure a Snowflake connection to write arbitrary files on the Metabase host, potentially replacing a Metabase database driver file and achieving remote code executio...

10CVSS6.6AI score0.00338EPSS
Exploits0References1
Rows per page
Query Builder