Lucene search
K

1723 matches found

OSV
OSV
added 2026/05/26 10:16 p.m.4 views

UBUNTU-CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

6.1CVSS5.9AI score0.00182EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:27 p.m.10 views

CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS5.9AI score0.00182EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 9:27 p.m.9 views

CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS5.9AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 9:27 p.m.11 views

EUVD-2026-32008

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS5.9AI score0.00182EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Axis

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it might not have been obvious that using “ServiceFactory.getService” could lead to potentially dangerous operations, such as LDAP queries. Passing untrusted input to this API method could expose the application to DoS,...

9.8CVSS7.2AI score0.01931EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/16 12:37 p.m.106 views

Exploit for Server-Side Request Forgery in Apache Axis

Axis1.4 CVE-2019-0227 Remote Command Execution Vulnerability E...

7.5CVSS7.3AI score0.86503EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2026/05/13 8:21 a.m.11 views

CVE-2026-0541

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

7.3CVSS5.8AI score0.00096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:21 a.m.14 views

CVE-2026-0802

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

7.3CVSS5.8AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:21 a.m.12 views

CVE-2026-0804

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

7.3CVSS5.8AI score0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 a.m.18 views

EUVD-2026-29386

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

5.4CVSS6.2AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 a.m.10 views

EUVD-2026-29385

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

6.7CVSS5.8AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 a.m.11 views

EUVD-2026-29384

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

6CVSS5.8AI score0.00396EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 a.m.11 views

EUVD-2026-29382

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

6.7CVSS5.8AI score0.00096EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 7:16 a.m.10 views

CVE-2026-0804

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

7.3CVSS0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 7:16 a.m.12 views

CVE-2026-0802

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

7.3CVSS0.00396EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 7:16 a.m.18 views

CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

8.8CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 5:49 a.m.16 views

CVE-2026-1185

CVE-2026-1185 concerns an issue in Axis devices where a local file system configuration file is not properly validating input, enabling code execution and potential privilege escalation. The vulnerability requires an attacker to log in to the device via SSH, limiting exposure to authenticated acc...

8.8CVSS6.2AI score0.00226EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:49 a.m.9 views

CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

5.4CVSS6.2AI score0.00226EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 5:49 a.m.57 views

CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

5.4CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:46 a.m.12 views

CVE-2026-0804

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

6.7CVSS5.8AI score0.00128EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder