Lucene search
K

1471 matches found

RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-53449

A flaw was found in Coturn, an open-source TURN and STUN server. An authenticated administrator with command-line interface CLI access could exploit a vulnerability in the psd print sessions dump command. This flaw allows the administrator to overwrite arbitrary files on the system that are...

6CVSS6.2AI score0.00176EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-53448 Coturn: SQL Injection in HTTPS Admin Panel Delete Operations

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS0.00677EPSS
Exploits0References4
CVE
CVE
added 3 days ago13 views

CVE-2026-12918

Summary of CVE-2026-12918 (Mail Mint WordPress plugin) : The plugin (versions up to and including 1.24.1) is vulnerable to a general SQL Injection via the recipients parameter due to insufficient escaping and unsafe query construction. This is a second-order injection: an attacker with authentica...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References6
NVD
NVD
added 4 days ago6 views

CVE-2026-0275

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS0.0011EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-0275

Prisma Browser on macOS is affected by a Local Privilege Escalation vulnerability. An administratively authenticated user with access to the macOS local filesystem can perform actions with root privileges, impacting the device’s security. The CVSS metrics indicate LOCAL attack vector, HIGH privil...

5.4CVSS6AI score0.0011EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-0286

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS0.01101EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-0285

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS0.00487EPSS
Exploits0References1
Patchstack
Patchstack
added 4 days ago4 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-0285

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS6AI score0.00487EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago11 views

CVE-2026-0285

CVE-2026-0285 : PAN-OS contains a server-side request forgery (SSRF) vulnerability that can be exploited by an authenticated administrator with network access to the management web interface, allowing unauthorized requests from the firewall to internal services. Affected relationships from the so...

7CVSS6AI score0.00487EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS0.00487EPSS
Exploits0References1
NVD
NVD
added 4 days ago10 views

CVE-2026-59826

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS0.00391EPSS
Exploits0References6
NVD
NVD
added 4 days ago11 views

CVE-2026-43752

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

4.9CVSS0.00289EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-59826

Metabase is an open-source BI/analytics tool. Vulnerable in versions 1.55.0 through 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2 due to not validating unsafe H2 connection properties on a database-creation path. An authenticated administrator could register a crafted H2 database connection and execut...

9.1CVSS6.2AI score0.00391EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42664

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS6.2AI score0.00391EPSS
Exploits0References6
CVE
CVE
added 4 days ago13 views

CVE-2026-43752

The CVE-2026-43752 entry concerns FileMaker Server: an authenticated administrator can upload a malicious file via the Admin Console’s Open Source LLM setup feature to achieve arbitrary code execution on the host. The root cause is the file upload path in the LLM setup flow that allows code execu...

4.9CVSS6.4AI score0.00289EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42652

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

4.9CVSS6.4AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-43752

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

0.00289EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42531

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS6AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-13080

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey' parameter parameter. This makes it possible for authenticated attackers, with administrator-leve...

6.6CVSS6.5AI score0.0071EPSS
Exploits0References11
Rows per page
Query Builder