Lucene search
K

1049 matches found

CVE
CVE
added 2026/07/02 6:35 p.m.31 views

CVE-2026-13743

CVE-2026-13743 affects CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20. The issue is an improper verification of cryptographic signatures that allows an attacker with physical access to upload arbitrary malicious firmware without authentication. Per the sources, impact includes ...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 6:35 p.m.8 views

CVE-2026-13743

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 12:16 p.m.3 views

SUSE-SU-2026:22506-1 Security update for lcms2

This update for lcms2 fixes the following issues - CVE-2026-41254: integer overflow in CubeSize in cmslut.c bsc1264994. - CVE-2026-42798: integer overflow in ParseCube in cmscgats.c bsc1263703...

7.5CVSS6AI score0.00365EPSS
Exploits1References5
OSV
OSV
added 2026/06/16 4:58 a.m.7 views

MGASA-2026-0214 Updated lcms2 packages fix security vulnerability

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...

7.5CVSS5.3AI score0.00365EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

Brickcom多款产品 安全漏洞

Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...

8.3CVSS5.5AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Brickcom多款产品 访问控制错误漏洞

Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...

8.3CVSS5.4AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39428

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

4.8CVSS5.5AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-21719

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

8.6CVSS7.4AI score0.01203EPSS
Exploits0References1
Amazon
Amazon
added 2026/05/14 12:0 a.m.7 views

Medium: lcms2

Issue Overview: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. CVE-2026-42798 Affected...

7.5CVSS5.4AI score0.00365EPSS
Exploits1
NVD
NVD
added 2026/05/13 9:16 p.m.32 views

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

4.9CVSS0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 8:46 p.m.8 views

CVE-2026-45708 CubeCart: Authenticated RCE via Invoice Template → Order Print

CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw into the Invoice Editor. The next time any admin clicks Print on any order, the rendered template is written to files/print..php. files/.htaccess ships an explicit allow from all...

7.2CVSS5.8AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 8:43 p.m.3 views

CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

9.1CVSS6.2AI score0.00415EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 8:42 p.m.51 views

CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

4.9CVSS0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 8:42 p.m.3 views

CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

4.9CVSS6.2AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 8:40 p.m.17 views

CVE-2026-44376

CubeCart (v6.x) prior to 6.7.0 contains an unauthenticated Reflected XSS in the search feature. Root cause is a logic flaw in classes/catalogue.class.php that reflects unsanitized user input when a search returns exactly one product, bypassing existing filters. Consequences include the execution ...

6.1CVSS5.8AI score0.00697EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/13 8:38 p.m.8 views

CVE-2026-39358 CubeCart: Time-based Blind SQL Injection

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

7.2CVSS6.2AI score0.00307EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

CubeCart 跨站脚本漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a cross-site scripting vulnerability. This vulnerability stemmed from a logical flaw in the search function. When only one product was returned during a search, uncleaned user input was...

6.1CVSS5.6AI score0.00697EPSS
Exploits2References3
OSV
OSV
added 2026/05/03 9:55 a.m.10 views

OESA-2026-2128 lcms2 security update

LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard ICC, which is the modern standard when regarding to color management. The ICC specification is widely used and is...

7.5CVSS5.8AI score0.00365EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/01 2:3 a.m.8 views

SUSE CVE-2026-42798

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

4CVSS5.3AI score0.00128EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/30 8:18 a.m.7 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the ParseCube function in cmscgats.c. An attacker can cause a denial of service or potentially access sensitive information by providing specially crafted input that triggers an integer overflow...

4CVSS6AI score0.00128EPSS
Exploits0References2
Rows per page
Query Builder