Lucene search
K

2802 matches found

CVE
CVE
added 3 hours ago7 views

CVE-2026-46459

ICU Scandinavia Boomerang is affected by a missing authentication vulnerability in its device receiver endpoints. An unauthenticated remote attacker can read full facility configurations and write unauthorized data to the sensor database. The issue is mitigated by upgrading to version 2.4.18.029....

5.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-44667

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

5.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 3 hours ago7 views

CVE-2026-46459 Missing Authorization in ICU Scandinavia Boomerang

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

5.3CVSS
Exploits0References2
Nuclei
Nuclei
added 11 hours ago69 views

NETGEAR - Authentication Bypass

NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations. id:...

8.8CVSS7AI score0.08656EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday64 views

Apache Flink 1.5.1 - Local File Inclusion

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...

7.5CVSS7.1AI score0.50038EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago32 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

9.8CVSS7.1AI score0.8413EPSS
Exploits5References4
NVD
NVD
added 6 days ago10 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

8.1CVSS0.00348EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55420 Discourse: Remote code execution via pdf uploads

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS0.00348EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS5.9AI score0.00348EPSS
Exploits0References7Affected Software1
CVE
CVE
added 6 days ago13 views

CVE-2026-55420

Discourse (open-source platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, in some non-default configurations, allowed processing of PDF uploads to lead to remote code execution on the server. The root cause is tied to how PDFs are processed under specific configurations, enab...

8.1CVSS5.9AI score0.00348EPSS
Exploits0References6Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-56460

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS0.00379EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-56460 HCL DevOps Deploy / HCL Launch is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS0.00379EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-56460

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00379EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42555

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56765

Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy / HCL Launch affected versions not specified Description HCL DevOps Deploy / HCL Launch may disclose sensitive configurations and secrets to authenticated users through API responses. This information leakage could be leverag...

6.5CVSS6.1AI score0.00379EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/08 6:8 a.m.5 views

CVE-2026-59997

A flaw was found in OpenSSH. The internal-sftp component within sshd incorrectly processes command-line arguments, recognizing only the first nine. This limitation can prevent the application of intended security configurations for SFTP SSH File Transfer Protocol connections, potentially leading ...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References6
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.247 views

Mlflow <2.9.2 - Path Traversal

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. id: CVE-2023-6909 info: name: Mlflow 2.9.2 - Path Traversal author: Hyunsoo-ds severity: high description: | Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. impact: | Successful...

7.5CVSS7AI score0.89716EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 8:16 p.m.8 views

CVE-2026-42546

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the functio...

3.8CVSS0.00105EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.7 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9.8CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:50 p.m.35 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9CVSS0.00229EPSS
Exploits0References1
Rows per page
Query Builder