Lucene search
K

203141 matches found

EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39408

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-57587

The CVE-2026-57587 entry describes a SQL injection in Nessus affecting the scan results database. An unauthenticated remote attacker who controls reverse DNS records for a scanned host can inject malicious SQL, potentially exfiltrating scan-result data. The connected documents specify Nessus as t...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-39355

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.3CVSS5.9AI score0.00067EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.3CVSS0.00067EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-46734

Dell DDPM Mac is affected by CVE-2026-46734: an Improper Certificate Validation in DDPM Mac versions prior to 2.3. The issue allows a local, low-privilege attacker (requires user interaction) to bypass protections, with potential impact on confidentiality, integrity, and availability (CVSSv3.1: 7...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-46732

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

6.7CVSS0.00075EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-49506

Dell Wyse Management Suite before version 5.5 HF1 is affected by CVE-2026-49506: an improper limitation of a pathname to a restricted directory (path traversal) could allow a high-privilege attacker with remote access to achieve remote code execution. Affected product: Dell Wyse Management Suite;...

7.2CVSS6AI score0.00548EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago8 views

CVE-2026-46733

Dell Display and Peripheral Manager (DDPM Windows) before version 2.3 is affected by an Improper Access Control vulnerability that could allow a low-privilege, locally authenticated attacker to achieve code execution. The available documents do not specify the exact root cause, exploit path, or a...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago27 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

0.00216EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-12755

CVE-2026-12755 affects Devolutions Server 2026.2.4.0–2026.2.7.0. It is caused by improper input validation in the PAM AD discovery endpoints. An authenticated user with the UserGroupsView permission can coerce server-side authentication to an attacker-controlled host, exposing PAM provider creden...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS5.8AI score0.00158EPSS
Exploits0
RedHat Linux
RedHat Linux
added 6 days ago4 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.2AI score0.01368EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 6 days ago8 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

7.3CVSS6.3AI score0.00304EPSS
Exploits2References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-39184

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

7.2CVSS5.9AI score0.00265EPSS
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-12246

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

8.1CVSS0.00265EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago2 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS5.9AI score0.00349EPSS
Exploits0References8
Nuclei
Nuclei
added 6 days ago23 views

rConfig 3.9.4 - Cross-Site Scripting

rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php id: CVE-2020-12259 info: name: rConfig 3.9.4 - Cross-Site Scripting...

5.4CVSS6.7AI score0.94767EPSS
Exploits0References5
Nuclei
Nuclei
added 6 days ago110 views

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account

The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST...

9.8CVSS7.6AI score0.89218EPSS
Exploits2References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-39167

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
Nuclei
Nuclei
added 6 days ago54 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS7.7AI score0.99597EPSS
Exploits3References4
Rows per page
Query Builder