Lucene search
K

19 matches found

NVD
NVD
added 2026/06/18 5:16 p.m.14 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS0.0028EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 4:11 p.m.9 views

EUVD-2026-37908

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS5.2AI score0.0028EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 4:11 p.m.22 views

CVE-2026-56021 Webmin information disclosure via regex pattern

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS0.0028EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:11 p.m.7 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS5.3AI score0.0028EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50712

Name of the Vulnerable Software and Affected Versions Webmin affected versions not specified Description Unauthenticated attackers can read the contents of any file ending in .conf within module directories. This is caused by a bypassable regex pattern, which is a sequence of characters used to...

6.9CVSS5.8AI score0.0028EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2026/05/13 11:30 a.m.22 views

Most Remediation Programs Never Confirm the Fix Actually Worked

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.24 views

PT-2026-39208

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.11 Description The isInternalAddress function in packages/service/common/system/utils.ts fails to properly block cloud metadata endpoints. The function uses a fullUrl.startsWith check against a hardcoded list tha...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2026/05/07 10:21 a.m.18 views

If a fake moustache can fool age checks, is the Online Safety Act working?

A report based on a survey by the UK’s Internet Matters shows that much of the responsibility for managing the online safety of children still falls on families. The Online Safety Act came into effect in July, 2025, and the report explores what has changed in the online lives of UK families since...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.12 and 9.5.1-alpha.1. These vulnerabilities stemmed from logical flaws in the...

6.9CVSS5.8AI score0.00393EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/23 10:11 p.m.29 views

CVE-2025-54365 fastapi-guard patch contains bypassable RegEx

fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this...

8.8CVSS0.00734EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/10/19 12:0 a.m.17 views

SUSE SLES12: apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / etc (SUSE-SU-2024:3732-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3732-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed...

7.5CVSS6.7AI score0.01077EPSS
Exploits3References10
Vulnrichment
Vulnrichment
added 2024/10/08 3:56 a.m.20 views

CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

7.5CVSS6.9AI score0.01077EPSS
Exploits1References1
NVD
NVD
added 2024/05/03 3:15 a.m.19 views

CVE-2023-39463

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is requir...

7.2CVSS7.5AI score0.01002EPSS
Exploits0References2
Veracode
Veracode
added 2023/09/15 8:58 a.m.27 views

Improper Rate Limiting

@strapi/admin and @strapi/plugin-users-permissions vulnerable to Improper Rate Limiting. The vulnerability is due to bypassable rate limiting logic in the admin and user authentication endpoints which could theoretically allow an attacker to brute force valid username and password combinations...

9.8CVSS7.1AI score0.00761EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2023/03/29 7:15 p.m.3 views

CVE-2022-36981

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9.8CVSS6.2AI score0.83436EPSS
Exploits0References2
CNVD
CNVD
added 2021/10/09 12:0 a.m.26 views

Wire has unspecified vulnerabilities (CNVD-2022-10740)

Wire is a chat software from a personal developer. The software supports Web, WindowsiOS, Android, and OS X platforms, has group functionality, the ability to make voice calls, send photos, and its ingenious way of saying hello, PING. Wire has a security vulnerability that allows users of Wire by...

4.6CVSS2.1AI score0.00169EPSS
Exploits0References1
OSV
OSV
added 2017/06/19 3:0 p.m.4 views

UBUNTU-CVE-2017-1000365

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMITSTACK/RLIMINFINITY 1/4 of the size, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel version...

7.8CVSS6.6AI score0.00899EPSS
Exploits0References9
Hacker One
Hacker One
added 2017/01/04 1:53 a.m.14 views

U.S. Dept Of Defense: Video player on ███ allows arbitrary remote videos to be played

Summary: A Flash video player hosted on ███████ can be provided with an arbitrary remote XML file via the url query string parameter. Description: The Flash video player http://█████/shared/widgets/popup.asp uses the url query string parameter as an address to fetch an RSS feed type XML document...

7.4AI score
Exploits0
0day.today
0day.today
added 2014/10/16 12:0 a.m.17 views

SEO Control Panel 3.6.0 SQL Injection Vulnerability

SEO Control Panel version 3.0 suffers from a remote authenticated SQL injection vulnerability. Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho email protected or email protected Vendor Homepage: www.seopanel.in Software Link:...

7.9AI score
Exploits0
Rows per page
Query Builder