Lucene search
K

464 matches found

Nuclei
Nuclei
added yesterday9 views

SiYuan <= 3.6.5 - Unauthenticated Path Traversal

SiYuan = 3.6.5 contains a path traversal via double URL-encoding in the /assets/ route publish mode port 6808, allowing unauthenticated attackers to read arbitrary files inside WorkspaceDir including conf/conf.json which exposes the API token and access auth code. id: CVE-2026-54066 info: name:...

7.5CVSS6.2AI score0.01892EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42725

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185RT10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References13
OSV
OSV
added 6 days ago4 views

CVE-2026-59832 SiYuan: Authenticated path traversal in /snippets/ static handler (serveSnippets) leaks conf/conf.json secrets and siyuan.db

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticat...

7.7CVSS6.1AI score0.00316EPSS
Exploits0References5
CVE
CVE
added 6 days ago9 views

CVE-2026-15271

CVE-2026-15271 affects TOTOLINK models A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200. The issue concerns an unspecified functionality in the Web Interface component, specifically the file /etc/boa/boa.conf, where manipulation can lead to a least privilege violation . The attack ...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References12
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-15270 D-link DIR-823G Web boa.conf least privilege violation

A weakness has been identified in D-link DIR-823G 1.0.2B0520181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The...

7.7CVSS0.00443EPSS
Exploits0References6
CVE
CVE
added 6 days ago10 views

CVE-2026-15270

D-Link DIR-823G (firmware 1.0.2B05_20181207) Web Interface vulnerable via manipulation of /etc/boa/boa.conf, causing a least-privilege violation. Exploit is remote with high complexity; public exploit exists. No remediation details provided in the supplied documents.

7.7CVSS6.4AI score0.00443EPSS
Exploits0References6Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added last week17 views

Malicious code in tslint-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31b464b1646f8e2d36ce68a86af599cc49d5381f08af70302ff01f42957234a1 The package presents itself as the pino logger README, index.d.ts, docs/, and lib/ files all reference pinojs/pino but is published under the unrelat...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54917

Name of the Vulnerable Software and Affected Versions Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 affected versions not specified Description An unauthenticated OS command injection exists in the commuos web backend. Network-adjacent attackers can execute arbitrary shell commands by...

9.8CVSS6AI score0.01671EPSS
Exploits0References9
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5188 SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk in github.com/siyuan-note/siyuan/kernel

SiYuan: Broken access control in /api/tag/getTag — Reader role can mutate Conf.Tag.Sort and persist to disk in github.com/siyuan-note/siyuan/kernel...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 3:31 p.m.4 views

OPENSUSE-RU-2026:21160-1 Recommended update for dnscrypt-proxy

This update for dnscrypt-proxy fixes the following issues: Changes in dnscrypt-proxy: - Update to version 2.1.16 The "tlsciphersuite" option is now a no-op. Modern TLS stacks no longer expose cipher suite selection in a meaningful way, and the option had become misleading A log size of 0 no longe...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References8
NVD
NVD
added 2026/06/24 5:17 a.m.8 views

CVE-2026-12851

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.01684EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 3:40 a.m.8 views

EUVD-2026-38653

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.01684EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:40 a.m.9 views

CVE-2026-12851

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.01684EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.34 views

CVE-2026-12851 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.01684EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/22 5:11 p.m.9 views

motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...

7.2CVSS5.8AI score0.18993EPSS
Exploits17References2Affected Software1
NVD
NVD
added 2026/06/18 5:16 p.m.14 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS0.0028EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:11 p.m.30 views

CVE-2026-56021

CVE-2026-56021 affects Webmin. An unauthenticated attacker can read contents of any .conf file in module directories because of a bypassable regex pattern, causing information disclosure (confidentiality impact: low). The CVSS metrics place it at Medium: CVSS v3.1 base score 5.3 (NETWORK, LOW com...

6.9CVSS5.2AI score0.0028EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:11 p.m.7 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS5.3AI score0.0028EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/18 4:11 p.m.23 views

CVE-2026-56021 Webmin information disclosure via regex pattern

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS0.0028EPSS
Exploits0References4
OSV
OSV
added 2026/06/18 4:11 p.m.3 views

CVE-2026-56021 Webmin information disclosure via regex pattern

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS6AI score0.0028EPSS
Exploits0References6
Rows per page
Query Builder