Lucene search
K

2248 matches found

CVE
CVE
added 13 hours ago7 views

CVE-2026-10103

Mattermost versions affected: 11.7.x (up to 11.7.2), 11.6.x (up to 11.6.4), and 10.11.x (up to 10.11.19) have a flaw in the shared channel inbound sync handler that fails to verify post ownership. This allows an authenticated remote cluster to modify or delete posts authored by local users or oth...

4.3CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added 17 hours ago79 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...

9CVSS7.2AI score0.74979EPSS
Exploits5References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42291

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42290

An OS command injection vulnerability exists in the savesyslogtofile function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The modelname configuration parameter is not properly sanitized, which could allow an authenticated...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-24697

An OS command injection vulnerability exists in the startbonjour function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wanhostname configuration parameter is not properly sanitized, which could allow an authenticated remot...

7.2CVSS0.00957EPSS
Exploits0References1
CVE
CVE
added 5 days ago6 views

CVE-2026-24697

Summary: CVE-2026-24697 is an OS command injection in the rc binary's start_bonjour() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The issue stems from improper sanitization of the wan_hostname configuration parameter, potentially allowing an authenticated re...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago6 views

CVE-2026-24700

Cisco CVE-2026-24700 affects the RC binary’s start_lltd() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The machine_name parameter is not properly sanitized, enabling OS command injection by an authenticated remote attacker with root privileges. Documented imp...

7.2CVSS6.2AI score0.0128EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56621

Name of the Vulnerable Software and Affected Versions CAXperts UPVWebServices versions 2.4.2212.603 through 2.7.6 UDiTH Portal versions 2026.0.0 through 2026.2.0 Description An authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
NVD
NVD
added 6 days ago8 views

CVE-2026-14904

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS0.00381EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.19 views

PT-2026-56006

Name of the Vulnerable Software and Affected Versions Amazon mcp-gateway-registry versions prior to 1.0.13 Description The metrics-service retention policy management component fails to properly neutralize special elements. This allows an authenticated remote user to execute arbitrary SQL queries...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54922

Name of the Vulnerable Software and Affected Versions NodeBB affected versions not specified Description NodeBB fails to bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. While the inbound middleware verifies the HTTP-signature actor and the origin of the...

8.7CVSS5.9AI score0.00191EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/25 12:33 a.m.6 views

EUVD-2026-39113

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

5.5CVSS6.4AI score0.01195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51522

🚨 CVE-2026-35018 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS6.6AI score0.00664EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/19 2:46 p.m.10 views

EUVD-2026-37802

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...

8.4CVSS5.8AI score0.00302EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:12 p.m.6 views

CVE-2026-54104

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS5.3AI score0.004EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/12 9:37 a.m.11 views

CVE-2026-11847 Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths...

5.3CVSS5.4AI score0.00288EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:37 a.m.17 views

CVE-2026-11847

The CVE-2026-11847 entry concerns the iVEC-IEI Virtualization Edge Computer from IEI Integration Corp. Affected component is the system’s path traversal vulnerability that allows authenticated remote attackers to create directories in unintended system paths. Documented impact indicates unauthori...

5.3CVSS5.5AI score0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:31 a.m.35 views

CVE-2026-11846 IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

8.1CVSS0.00401EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:31 a.m.8 views

CVE-2026-11846 IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

8.1CVSS5.6AI score0.00401EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 9:31 a.m.10 views

EUVD-2026-36406

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

8.1CVSS5.6AI score0.00401EPSS
Exploits0References2
Rows per page
Query Builder