Lucene search
K

44 matches found

EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36790

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

5.2AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.19 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

6.5CVSS0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49333

Name of the Vulnerable Software and Affected Versions Nginx Proxy Manager version 2.14.0 Description Incorrect access control in the "Let's Encrypt" certificate download endpoint allows authenticated attackers to obtain TLS private key material by sending a crafted GET request. Recommendations At...

6.5CVSS5.9AI score0.00171EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 12:0 a.m.16 views

CVE-2026-50892

CVE-2026-50892 affects Nginx Proxy Manager v2.14.0. The root cause is improper access control on the Let’s Encrypt certificate download endpoint, allowing authenticated attackers to obtain TLS private key material via a crafted GET request. The impact is limited to confidentiality, with the CVSS ...

6.5CVSS5.3AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 a.m.8 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

5.2AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.34 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.11 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.14 views

EUVD-2026-29802

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 8:16 p.m.12 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS0.00436EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 6:55 p.m.34 views

CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:55 p.m.9 views

CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:55 p.m.22 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. The certificate download functionality can overwrite arbitrary files on the underlying OS by exploiting improper input validation in the file path parameter. Successful exploitation...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 6:55 p.m.6 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40362

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description An authenticated remote code execution issue exists in the web-based management interface. Improper input validation in the file path parameter within the...

7.2CVSS6.5AI score0.00436EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from improper validation of file path parameters during...

7.2CVSS5.8AI score0.00436EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.7 views

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

7.2CVSS5.8AI score0.00902EPSS
Exploits1References1
NVD
NVD
added 2026/02/24 3:16 a.m.13 views

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

7.2CVSS0.00902EPSS
Exploits1References1
OSV
OSV
added 2026/02/24 3:16 a.m.4 views

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

7.2CVSS6AI score0.00902EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/24 2:48 a.m.4 views

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

7.2CVSS5.8AI score0.00902EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/24 2:48 a.m.5 views

EUVD-2026-7399

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

7.2CVSS5.8AI score0.00902EPSS
Exploits1References1
Rows per page
Query Builder