Lucene search
K

2485 matches found

Cvelist
Cvelist
added 2026/06/24 9:37 p.m.22 views

CVE-2026-9779 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

7.2CVSS0.00376EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:37 p.m.11 views

CVE-2026-9778

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.2CVSS6.4AI score0.01477EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:36 p.m.6 views

CVE-2026-9777

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB...

7.2CVSS6.4AI score0.01477EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 9:36 p.m.10 views

CVE-2026-9777

CVE-2026-9777 pertains to ATEN Unizon’s restoreDB function, where inadequate validation of a user-supplied path in file operations enables a Directory Traversal leading to Remote Code Execution . The flaw can execute arbitrary code in the context of SYSTEM and requires authentication to exploit. ...

7.2CVSS7.6AI score0.01477EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 9:36 p.m.11 views

CVE-2026-9775

CVE-2026-9775 concerns ATEN Unizon uploadSSL, where a directory traversal flaw allows an attacker to delete arbitrary files due to improper validation of a user-supplied path in file operations. The vulnerability can result in file deletion or denial-of-service, with authentication required and n...

6.5CVSS6.4AI score0.01195EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.17 views

CVE-2026-9775 ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

5.5CVSS0.01195EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 9:36 p.m.14 views

CVE-2026-9774

CVE-2026-9774 affects ATEN Unizon via the updateLicense directory traversal, enabling arbitrary file deletion. The flaw stems from insufficient validation of a user-supplied path used in file operations. The vulnerability is exploitable remotely over network with authentication required; impact i...

6.5CVSS6.4AI score0.01195EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.18 views

CVE-2026-9774 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

5.5CVSS0.01195EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 9:35 p.m.20 views

CVE-2026-9772

Unraid Web Server FileUpload Command Injection (CVE-2026-9772) allows authenticated attackers to execute arbitrary code on affected installations via a crafted FileUpload.php input, executing a system call as www-data. Root cause: insufficient validation of a user-supplied string before a system ...

8.8CVSS7.8AI score0.01114EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:35 p.m.5 views

CVE-2026-9772

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS6.4AI score0.01114EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.23 views

CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS0.01114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 2:20 p.m.33 views

CVE-2026-50699 Frappe Framework 17.0.0-dev - Stored XSS in Auto Repeat dashboard schedule rendering

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in referencedocument using a whitelisted write path and trigger script execution when users open the affected Auto...

4.6CVSS0.00313EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.5 views

CVE-2026-10091

The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

7.2CVSS6AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52119

Name of the Vulnerable Software and Affected Versions Unraid Web Server affected versions not specified Description A command injection flaw in the FileUpload.php file allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue is caused by...

8.8CVSS7.7AI score0.01114EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52124

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the restoreDB function allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a user-supplied...

7.2CVSS7.5AI score0.01477EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-52118

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

8.1CVSS5.9AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52125

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the ImportDeviceList method allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a...

7.2CVSS7.5AI score0.01477EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-52126

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue exists where the software fails to properly verify cryptographic signatures, allowing authenticated remote attackers to execute arbitrary code in the context of SYSTEM. The flaw ...

7.2CVSS7.4AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52120

Name of the Vulnerable Software and Affected Versions Unraid affected versions not specified Description A command injection flaw in the web server allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue occurs in the ToggleState.php file due...

8.8CVSS7.7AI score0.01126EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52121

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the updateLicense method, where a lack of proper validation of user-supplied paths allows authenticated remote attackers to delete arbitrary files. Th...

6.5CVSS6.2AI score0.01195EPSS
Exploits0References6
Rows per page
Query Builder