Lucene search
+L

341374 matches found

Tenable Nessus
Tenable Nessus
โ€ขadded 2026/06/23 12:0 a.m.โ€ข11 views

Automated Logic WebCTRL Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2026/06/22 4:16 p.m.โ€ข5 views

DEBIAN-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

5.5CVSS5.9AI score0.00107EPSS
Exploits1References1
EUVD
EUVD
โ€ขadded 2026/06/16 9:32 p.m.โ€ข12 views

EUVD-2026-37201

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

9.8CVSS8.1AI score0.0107EPSS
Exploits0References6
NVD
NVD
โ€ขadded 2026/06/16 8:16 p.m.โ€ข11 views

CVE-2026-10303

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
Nuclei
Nuclei
โ€ขadded 2026/06/16 7:13 a.m.โ€ข70 views

Pulse Connect Secure SSL VPN Arbitrary File Read

Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access. id: CVE-2019-11510 info: name: Pulse...

10CVSS8.8AI score0.99999EPSS
Exploits22References5
Nuclei
Nuclei
โ€ขadded 2026/06/16 7:13 a.m.โ€ข51 views

Fortinet FortiNAC - Arbitrary File Write

Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute...

9.8CVSS8.8AI score0.99815EPSS
Exploits7References5
Nuclei
Nuclei
โ€ขadded 2026/06/16 7:13 a.m.โ€ข257 views

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

10CVSS9.2AI score0.99941EPSS
Exploits6References5
Nuclei
Nuclei
โ€ขadded 2026/06/16 7:13 a.m.โ€ข283 views

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

9.8CVSS7.9AI score0.99964EPSS
Exploits35References5
GithubExploit
GithubExploit
โ€ขadded 2026/06/15 7:52 p.m.โ€ข71 views

VulnAnalyzer

๐Ÿ” VulnAnalyzer 2.1 A comprehensive automated vulnerability...

6AI score
Exploits0
Github Security Blog
Github Security Blog
โ€ขadded 2026/06/15 5:19 p.m.โ€ข49 views

node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

6.9CVSS5.4AI score0.00107EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/15 12:0 a.m.โ€ข23 views

PT-2026-49577

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.16 Description An interpretation differential exists in how the software parses tar archives. The issue occurs because the library applies a PAX extended header's size= record and other PAX overrides to the next...

6.9CVSS5.8AI score0.00107EPSS
Exploits1References6
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข12 views

CVE-2026-50083

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.8CVSS0.00364EPSS
Exploits1References2
EUVD
EUVD
โ€ขadded 2026/06/12 3:1 p.m.โ€ข8 views

EUVD-2026-36477

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS5.2AI score0.00204EPSS
Exploits1References2
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/12 12:0 a.m.โ€ข18 views

PT-2026-48912

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.2AI score0.00215EPSS
Exploits1References3
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/12 12:0 a.m.โ€ข32 views

PT-2026-48909

Name of the Vulnerable Software and Affected Versions Aqara Board service affected versions not specified Description The Aqara Board service at the endpoint "op-test.aqara.com" accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This...

9.8CVSS5.4AI score0.00412EPSS
Exploits1References6
Github Security Blog
Github Security Blog
โ€ขadded 2026/06/10 5:11 p.m.โ€ข17 views

Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion

Path Traversal in clearplugincache Allows Arbitrary Directory Deletion | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 | | Vulnerability | CWE-22 โ€” Improper Limitation of a Pathname to a Restricted Directory | | Severity | High | Summa...

5.8AI score0.0003EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/10 12:0 a.m.โ€ข15 views

PT-2026-48538

Name of the Vulnerable Software and Affected Versions anyquery versions prior to 0.4.5 Description A path traversal issue exists in the SQL scalar function clear plugin cache within the namespace/other functions.go file. The function accepts a plugin argument and passes it to path.Join and...

7.3CVSS5.9AI score0.0003EPSS
Exploits0References5
Cvelist
Cvelist
โ€ขadded 2026/06/09 8:1 p.m.โ€ข42 views

CVE-2026-47911 Acrobat Reader | Out-of-bounds Write (CWE-787)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
โ€ขadded 2026/06/09 7:24 p.m.โ€ข38 views

CVE-2026-47908 Dreamweaver Desktop | Access of Uninitialized Pointer (CWE-824)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
โ€ขadded 2026/06/09 4:48 p.m.โ€ข11 views

CVE-2026-34692 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Rows per page
Query Builder