Lucene search
K

1081 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-57475

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS0.0034EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42975

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS6.2AI score0.0034EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 2:3 p.m.6 views

EUVD-2026-41375

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...

8.7CVSS5.8AI score0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:3 p.m.7 views

CVE-2026-8079

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...

8.7CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 2:3 p.m.16 views

CVE-2026-8079

Progress Flowmon is affected in versions prior to 12.5.9 and 13.0.11, where an authenticated low-privileged user can craft a PDF-generation request that causes operations to run with another user’s privileges, potentially exposing sensitive data and enabling unintended configuration changes. The ...

8.7CVSS5.8AI score0.00182EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/02 2:3 p.m.40 views

CVE-2026-8079 Unintended limited set of actions with elevated privileges may be performed during PDF generation in Progress Flowmon

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...

8.7CVSS0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 1:49 p.m.6 views

EUVD-2026-40997

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 7:47 p.m.24 views

CVE-2026-1840 Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7CVSS0.00726EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.9 views

Siemens SINEC OS Use of Web Browser Cache Containing Sensitive Information (CVE-2026-41918)

The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser. This plugin only works with Tenable.ot. Please visit...

5.9CVSS6AI score0.00194EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.31 views

CVE-2026-50881

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.20 views

CVE-2026-50881

The vulnerability CVE-2026-50881 affects impworks Bonsai v6.0 and is due to incorrect access control. Authenticated attackers with Editor privileges can escalate to Administrator and perform unauthorized account, password, and configuration changes. The NVD/ENISA and related sources describe the ...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 12:34 a.m.16 views

EUVD-2026-36621

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...

7.7CVSS5.2AI score0.00172EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.8 views

CVE-2026-53833 QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...

7.7CVSS5.2AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.15 views

CVE-2026-9212

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...

8.3CVSS5.7AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS6AI score0.00907EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:50 p.m.9 views

CVE-2026-9212 Insufficient authentication and input validation in certain NETGEAR products

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...

8.3CVSS5.7AI score0.0027EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47859

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description Insufficient authentication and input validation allow users connected to the local network to execute commands, which can impact product confidentiality or allow the modification of certain...

8.3CVSS5.4AI score0.0027EPSS
Exploits0References27
NVD
NVD
added 2026/06/08 6:16 p.m.14 views

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS0.00907EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 5:21 p.m.9 views

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS6AI score0.00907EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.15 views

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.6AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder