Lucene search

7 matches found

NVD
added 2026/03/21 12:16 a.m. · 1 view

CVE-2026-32666

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

CVSS 7.5 · EPSS 0.00078
Exploits: 0 · References: 3

ATTACKERKB
added 2026/03/20 11:17 p.m. · 1 view

CVE-2026-32666

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

CVSS 7.5 · AI score 5.8 · EPSS 0.00078
Exploits: 0 · References: 4

Github Security Blog
added 2026/03/18 6:31 p.m. · 7 views

Jenkins has a link following vulnerability allows arbitrary file creation

Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running...

CVSS 8.8 · AI score 5.9 · EPSS 0.00261
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2026/02/04 12:30 a.m. · 2 views

GHSA-JX8C-56MG-H6VP ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx. The rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...

CVSS 8.8 · AI score 6.3 · EPSS 0.00079
Exploits: 1 · References: 3

ATTACKERKB
added 2021/01/06 1:15 a.m. · 3 views

CVE-2020-36167

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, whi...

CVSS 9.3 · AI score 6.3 · EPSS 0.0005
Exploits: 0 · References: 3

Positive Technologies
added 2020/09/16 12:0 a.m. · 2 views

PT-2020-15486 · Jenkins · Jenkins Perfecto Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Perfecto Plugin versions 1.17 and earlier Description: The issue allows attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. This is possible because the Perfecto Plugin executes a command on th...

CVSS 8.8 · AI score 8.8 · EPSS 0.00246
Exploits: 0 · References: 6

RedHat Linux
added 2017/02/07 11:32 a.m. · 1 view

Ansible: Compromised remote hosts can lead to running commands on the Ansible controller

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server...

CVSS 9.3 · AI score 7.7 · EPSS 0.03045
Exploits: 5 · References: 4