28 matches found

NVD
added 2026/06/18 5:16 p.m. · 11 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

CVSS 6.9 · EPSS 0.0028
Exploits: 0 · References: 4

CVE
added 2026/06/08 6:30 a.m. · 44 views

CVE-2026-11497

CVE-2026-11497 affects the D-Link DCS-5615 (firmware 1.01.00). The vulnerability targets an unknown functionality in the Boa Webserver component, specifically the file /etc/conf.d/boa/boa.conf, and can lead to a least privilege violation. The attack is described as remote and the exploit has bee...

CVSS 8.8 · AI score 5.5 · EPSS 0.00432
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2026/05/27 12:0 a.m. · 13 views

PT-2026-44076

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTP PORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minute...

CVSS 9.8 · AI score 6 · EPSS 0.00314
Exploits: 0 · References: 2

CVE
added 2026/05/14 6:14 p.m. · 17 views

CVE-2026-45371

CVE-2026-45371 (SiYuan): Before v3.7.0, publish-mode Reader can mutate server state via 8 ungated APIs: POST /api/graph/getGraph, /getLocalGraph, /api/sync/setSyncInterval, /api/storage/updateRecentDocViewTime, /api/storage/updateRecentDocCloseTime, /api/storage/updateRecentDocOpenTime, /api/sto...

CVSS 7.2 · AI score 5.9 · EPSS 0.00207
Exploits: 0 · References: 1

CVE
added 2026/03/11 4:18 p.m. · 21 views

CVE-2026-20164

CVE-2026-20164 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user not in admin/power roles can access the REST endpoint /splunkd/__raw/servicesNS/-/-/configs/conf-passwords, exposing hashed or plaintext passwords from passwords.conf due to improper access control. Impact i...

CVSS 6.5 · AI score 5.8 · EPSS 0.00228
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2026/02/18 4:45 p.m. · 18 views

CVE-2026-20142

Splunk Enterprise is affected in versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11. A user with access to the Splunk _internal index in a Search Head Cluster could read the RSA accessKey from Authentication.conf in plaintext, exposing highly sensitive credentials and impacting confidentiali...

CVSS 6.8 · AI score 5.5 · EPSS 0.0031
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2026/02/06 4:47 p.m. · 41 views

CVE-2026-23741 ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the conten...

EPSS 0.00173
Exploits: 0 · References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. · 4 views

MiracleLinux 8 : trousers-0.3.15-1.el8 (AXSA:2021-1817:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1817:01 advisory. trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root CVE-2020-24331 trousers: tss user can be us...

CVSS 7.8 · AI score 5.7 · EPSS 0.00553
Exploits: 3 · References: 4

OSV
added 2026/01/15 9:11 a.m. · 9 views

RLSA-2026:0596 Moderate: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: CUPS: Local denial-of-service via cupsd.conf update and related issues CVE-2025-61915 cups: Slow client communication leads to a possible DoS attack CVE-2025-584...

CVSS 6 · AI score 6.9 · EPSS 0.00409
Exploits: 2 · References: 3

NVD
added 2024/11/21 8:15 p.m. · 11 views

CVE-2024-51366

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...

CVSS 9.8 · EPSS 0.00845
Exploits: 0 · References: 3

Vulnrichment
added 2024/11/21 12:0 a.m. · 10 views

CVE-2024-51366

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...

AI score 8 · EPSS 0.00845
Exploits: 0 · References: 3

Cvelist
added 2024/11/21 12:0 a.m. · 13 views

CVE-2024-51366

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...

EPSS 0.00845
Exploits: 0 · References: 3

Positive Technologies
added 2024/11/21 12:0 a.m. · 5 views

PT-2024-34610 · Omegat · Omegat

Name of the Vulnerable Software and Affected Versions: OmegaT version 6.0.1 Description: The issue allows attackers to execute arbitrary code via uploading a crafted .conf file, exploiting an arbitrary file upload vulnerability in the component RoamingOmega. Recommendations: For OmegaT version...

CVSS 9.8 · AI score 8.2 · EPSS 0.00845
Exploits: 0 · References: 5

SUSE CVE
added 2023/10/31 2:45 a.m. · 6 views

SUSE CVE-2016-5425

The Tomcat package on Red Hat Enterprise Linux RHEL 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group...

CVSS 7.8 · AI score 9.6 · EPSS 0.03782
Exploits: 8 · References: 4

RedHat Linux
added 2023/08/22 3:56 p.m. · 1 views

subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

CVSS 7.8 · AI score 7.3 · EPSS 0.00253
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:20 a.m. · 3 views

SUSE CVE-2015-2704

realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response...

CVSS 5 · AI score 7.1 · EPSS 0.02915
Exploits: 0 · References: 4

OSV
added 2022/02/09 12:15 a.m. · 4 views

CVE-2022-24677

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...

CVSS 9.8 · AI score 6.3 · EPSS 0.02493
Exploits: 1 · References: 1

OSV
added 2021/01/14 3:26 p.m. · 9 views

OPENSUSE-SU-2021:0058-1 Security update for cobbler

This update for cobbler fixes the following issues: - Add cobbler-tests subpackage for unit testing for openSUSE/SLE - Adds LoadModule definitions for openSUSE/SLE - Switch to new refactored auth module. - use systemctl to restart cobblerd on logfile rotation boo1169207 Mainline logrotate conf fi...

CVSS 10 · AI score 8.5 · EPSS 0.6786
Exploits: 2 · References: 71

OSV
added 2020/12/07 8:15 p.m. · 2 views

ALPINE-CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

CVSS 9.8 · AI score 6.8 · EPSS 0.02909
Exploits: 1 · References: 1

CNNVD
added 2020/12/07 12:0 a.m. · 10 views

Eldy Awstats Path Traversal Vulnerability

Eldy Awstats is a log analysis tool for Web sites by the individual developer Eldy. The software supports analyzing Web, WAP, proxy, streaming server, FTP, mail server log files on all operating systems such as IIS 5.0 +, Apache, etc. It displays all Web statistics including: visitors, pages,...

CVSS 9.8 · AI score 6.8 · EPSS 0.02909
Exploits: 1 · References: 9