Lucene search
K

1190 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/16 3:26 p.m.11 views

CVE-2021-47979

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.19 views

PT-2026-41465

Name of the Vulnerable Software and Affected Versions Backup and Restore version 1.0.3 Description Authenticated attackers can delete arbitrary files from the WordPress installation directory. This is achieved by sending POST requests to the 'admin-ajax.php' endpoint with manipulated file name an...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References6
OSV
OSV
added 2026/05/14 1:17 p.m.5 views

GHSA-X67P-9M2R-FXQV Fleet server may terminate unexpectedly when handling certain gRPC requests

Summary Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

8.7CVSS5.9AI score0.00372EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 2:22 p.m.30 views

CVE-2020-37174 WOOF / Products Filter Professional for WooCommerce 1.2.3 Persistent XSS

WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' a...

5.5CVSS0.00256EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:22 p.m.6 views

CVE-2020-37169

WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP...

6.8CVSS6AI score0.00246EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 2:22 p.m.16 views

CVE-2020-37169

CVE-2020-37169 affects WordPress plugin Ultimate Member version 2.1.3. It exposes a local file inclusion flaw in class-admin-upgrade.php via the pack parameter, allowing authenticated attackers to include arbitrary PHP files from the packages directory and execute code. The CVSS data indicates a ...

6.8CVSS6AI score0.00246EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/05/13 12:15 p.m.19 views

K000160903: iControl REST vulnerability CVE-2026-42058

Security Advisory Description An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. CVE-2026-42058 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST...

5.3CVSS5.8AI score0.00187EPSS
Exploits0Affected Software11
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40625

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40652

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through...

8.7CVSS5.8AI score0.00248EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 7:8 p.m.7 views

CVE-2026-44862 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:3 p.m.6 views

CVE-2026-44858 Authenticated Stack-Based Buffer Overflow in PAPI Services

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:55 p.m.21 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. The certificate download functionality can overwrite arbitrary files on the underlying OS by exploiting improper input validation in the file path parameter. Successful exploitation...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/12 3:16 p.m.10 views

CVE-2026-8109

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

6.5CVSS0.00701EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 2:20 a.m.21 views

CVE-2026-40129

The vulnerability CVE-2026-40129 affects SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. A code injection flaw allows an authenticated attacker to submit specially crafted inputs that, if processed, can be delivered to channel subscribers and execute code on behalf of other users...

4.3CVSS6.3AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 2:20 a.m.23 views

CVE-2026-34260

Summary of CVE-2026-34260 Affected software: SAP S/4HANA with SAP Enterprise Search for ABAP . Vulnerability: A SQL injection flaw where user-controlled input is directly concatenated into SQL queries and passed to the database without proper validation or sanitization. Impact: If exploited by an...

9.6CVSS5.9AI score0.00466EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/10 3:31 p.m.58 views

EUVD-2021-34809

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

8.8CVSS6.4AI score0.00533EPSS
Exploits0References5
NVD
NVD
added 2026/05/10 1:16 p.m.13 views

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

8.8CVSS0.00533EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.8 views

PT-2026-39517

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

8.8CVSS6.6AI score0.00617EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 5:16 p.m.10 views

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 12:31 p.m.7 views

EUVD-2023-60572

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exporte...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References5
Rows per page
Query Builder