Lucene search
K

123 matches found

Nuclei
Nuclei
added 13 hours ago12 views

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS7.5AI score0.25955EPSS
Exploits1References3
NVD
NVD
added 2026/06/02 8:16 p.m.10 views

CVE-2021-4478

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...

8.3CVSS0.00122EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 7:17 p.m.19 views

CVE-2021-4478

Dräger CC-Vision Basic prior to 7.5.3 and CC-Vision E-Cal prior to 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during parsing, potentially crashing the application or allowing code execution on the host. The avail...

8.3CVSS6.3AI score0.00122EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:17 p.m.8 views

CVE-2021-4478

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...

8.3CVSS6.3AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 7:17 p.m.12 views

EUVD-2021-34844

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...

8.3CVSS6.3AI score0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 7:17 p.m.7 views

CVE-2021-4478 Dräger CC-Vision Basic and CC-Vision E-Cal Out-of-Bounds Write via Malicious GDT File

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...

8.3CVSS6.3AI score0.00122EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.11 views

PT-2026-45814

Name of the Vulnerable Software and Affected Versions Dräger CC-Vision Basic versions prior to 7.5.3 Dräger CC-Vision E-Cal versions prior to 7.2.5.0 Description An out-of-bounds write occurs when loading .gdt files. A specially crafted .gdt file can trigger a buffer overflow during file parsing,...

8.3CVSS6.3AI score0.00122EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

Dräger CC-Vision Basic和Dräger CC-Vision E-Cal 缓冲区错误漏洞

Dräger CC-Vision Basic and Dräger CC-Vision E-Cal are products of the German company Dräger. Dräger CC-Vision Basic is a portable gas detector with configuration and maintenance software. Dräger CC-Vision E-Cal is a gas detection device with electronic calibration and configuration management...

8.3CVSS5.8AI score0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.12 views

CVE-2026-9304

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...

5CVSS5.3AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2026/05/24 4:16 a.m.15 views

CVE-2026-9349

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

6.9CVSS0.0041EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.13 views

PT-2026-42905

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

6.9CVSS5.7AI score0.0041EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.10 views

cal.diy 访问控制错误漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...

6.9CVSS6AI score0.0041EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/23 1:45 p.m.12 views

EUVD-2026-31540

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...

5CVSS5.3AI score0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/23 1:30 p.m.9 views

CVE-2026-9303 calcom cal.diy cross-site request forgery

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

5.3CVSS5.3AI score0.00194EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/23 1:30 p.m.13 views

EUVD-2026-31539

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

5.3CVSS5.3AI score0.00194EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.8 views

cal.diy 安全漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain security vulnerabilities, which stem from unknown functions and may lead to cross-site request forgery attacks...

5.3CVSS5.6AI score0.00194EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.16 views

PT-2026-42883

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

5.3CVSS5.3AI score0.00194EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.12 views

PT-2026-42884

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...

5CVSS5.3AI score0.00199EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 7:30 p.m.9 views

Malicious code in open-vp-cal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab8c06b5d7e9b98d62708ab7377d9e18a214e884c69b0c7217979121aed06917 When executing the module, the code installs a package from a remote location. The remote package contains malicious code exfiltrating selected env variables a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/03/24 7:30 p.m.6 views

MAL-2026-2138 Malicious code in open-vp-cal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab8c06b5d7e9b98d62708ab7377d9e18a214e884c69b0c7217979121aed06917 When executing the module, the code installs a package from a remote location. The remote package contains malicious code exfiltrating selected env variables a...

5.9AI score
Exploits0References1
Rows per page
Query Builder