5156 matches found
Uniview NVR301-04S2-P4 - Cross-Site Scripting
Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the findi...
EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655,...
CVE-2026-55975
creationtimestamp| type| source ---|---|--- 2026-06-25 17:15:31+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-05 2026-06-27 02:01:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpaegmhwpk27 2026-06-27 03:00:27+00:00| seen|...
CVE-2026-44622
creationtimestamp| type| source ---|---|--- 2026-06-25 17:15:21+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02 2026-06-25 22:01:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp5gkqc4w42u...
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 26, 2026. The vulnerability in question...
CVE-2025-7064
creationtimestamp| type| source ---|---|--- 2026-06-23 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-05...
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor JCE to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...
SolarWinds Security Event Manager - Unauthenticated RCE
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. id: CVE-2024-0692 info: name: SolarWinds Security Event Manager - Unauthenticated RCE...
XCharge C6
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...
CVE-2019-5460
creationtimestamp| type| source ---|---|--- 2026-05-26 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-05...
CVE-2019-5459
creationtimestamp| type| source ---|---|--- 2026-05-26 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-05...
CVE-2023-46814
creationtimestamp| type| source ---|---|--- 2026-05-26 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-05...
CVE-2015-3416
creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...
CVE-2016-6153
creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...
CVE-2015-6607
creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...
PT-2026-42147
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description A security check in nodevm.js designed to block the combination of nesting: true and require: false is bypassed because it uses strict equality options.require === false. If the require option is omitte...
PT-2026-42146
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description An issue exists where the Symbol.for override in setup-sandbox.js only intercepts a small portion of dangerous Node.js cross-realm symbols. This is compounded by the bridge's set, defineProperty, and...
CVE-2026-8603
creationtimestamp| type| source ---|---|--- 2026-05-19 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03 2026-05-19 20:16:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mma7gqdcuo2c 2026-06-22 01:32:05+00:00| seen|...
Security Bulletin: glibc vulnerability
Summary Prior versions of Classic Remote Capture may include this vulnerability. Vulnerability Details CVEID:CVE-2025-15281 DESCRIPTION: Calling wordexp with WRDEREUSE in conjunction with WRDEAPPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized...
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency CISA maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive...