Lucene search
K

1315 matches found

NVD
NVD
added 2026/05/12 8:16 p.m.15 views

CVE-2026-44861

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 7:50 p.m.42 views

CVE-2026-34653 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS0.00606EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:50 p.m.17 views

CVE-2026-34653

Adobe Commerce users affected: versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are impacted by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). The vulnerability allows an authenticated administrator to read or write arbitrary ...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/12 7:11 p.m.20 views

CVE-2026-44864

CVE-2026-44864 affects AOS-8 and AOS-10 operating-system components exposed via the CLI and management protocol. The vulnerability is an SQL injection in several underlying service components where inputs passed unsanitized to backend queries can be exploited by an authenticated administrator to ...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:11 p.m.8 views

CVE-2026-44864

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 7:9 p.m.24 views

CVE-2026-44863

CVE-2026-44863 describes SQL injection vulnerabilities in several underlying service components accessible through the AOS-8 and AOS-10 CLI and management protocol. An authenticated attacker with administrative privileges can inject crafted input into parameters passed unsanitized to backend data...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:8 p.m.9 views

CVE-2026-44862

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 7:8 p.m.17 views

CVE-2026-44862

The CVE-2026-44862 entry describes SQL injection vulnerabilities in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could inject crafted input into parameters pas...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:6 p.m.36 views

CVE-2026-44861 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 7:5 p.m.32 views

CVE-2026-44860 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:5 p.m.8 views

CVE-2026-44860 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:2 p.m.7 views

CVE-2026-44857 Authenticated Stack-Based Buffer Overflow in PAPI Services

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:0 p.m.8 views

CVE-2026-44856

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/12 6:16 p.m.9 views

CVE-2026-25690

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

6.5CVSS0.00241EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 3:16 p.m.9 views

CVE-2026-8051

OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

7.2CVSS0.01914EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 a.m.10 views

EUVD-2026-29367

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

8.2CVSS6.1AI score0.00199EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 3:16 a.m.31 views

CVE-2026-34259

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

8.2CVSS0.00199EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 2:20 a.m.9 views

CVE-2026-34259 OS Command Injection Vulnerability in SAP Forecasting & Replenishment

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

8.2CVSS6.1AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Ivanti Virtual Traffic Manager 操作系统命令注入漏洞

Ivanti Virtual Traffic Manager is a software-based application delivery controller developed by the American company Ivanti. Versions of Ivanti Virtual Traffic Manager prior to 22.9r4 contained an operating system command injection vulnerability. This vulnerability stems from OS command injection...

7.2CVSS5.9AI score0.01914EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 12:0 a.m.13 views

CVE-2025-70842

FluentCMS 1.2.3 is affected in its File Management module by a Stored XSS vulnerability. An authenticated administrator can upload crafted SVG files containing malicious JavaScript, and the injected script executes in the browser of any user who accesses the direct URL to the image, including una...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2
Rows per page
Query Builder