Lucene search
K

4427 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 7:28 p.m.7 views

CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 11:15 a.m.6 views

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

7.3CVSS0.00266EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 11:15 a.m.4 views

UBUNTU-CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

7.3CVSS5.9AI score0.00266EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/03 11:15 a.m.6 views

CVE-2025-67851

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

7.8CVSS6AI score0.00251EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/21 10:25 p.m.7 views

CVE-2026-21927

Vulnerability in the Oracle Solaris product of Oracle Systems component: Driver. The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...

5.8CVSS5.5AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 10:24 p.m.5 views

CVE-2026-21935

Vulnerability in the Oracle Solaris product of Oracle Systems component: Driver. The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...

5.8CVSS5.5AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 10:24 p.m.13 views

CVE-2026-21962

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0...

10CVSS5.5AI score0.42658EPSS
Exploits4References1
EUVD
EUVD
added 2026/01/21 12:31 a.m.8 views

EUVD-2026-3558

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Integration Broker. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1CVSS5.5AI score0.002EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 12:31 a.m.9 views

EUVD-2026-3536

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Oracle Analytics Cloud. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...

7.1CVSS5.5AI score0.00135EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 12:31 a.m.5 views

EUVD-2026-3582

Vulnerability in the Oracle Solaris product of Oracle Systems component: Driver. The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...

5.8CVSS5.5AI score0.00189EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 10:16 p.m.8 views

CVE-2026-21976

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Oracle Analytics Cloud. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure...

7.1CVSS0.00135EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 10:15 p.m.6 views

CVE-2026-21967

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications component: Opera Servlet. Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...

8.6CVSS5.8AI score0.0027EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 10:15 p.m.3 views

CVE-2026-21927

Vulnerability in the Oracle Solaris product of Oracle Systems component: Driver. The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...

5.8CVSS5.8AI score0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 9:56 p.m.7 views

CVE-2026-21962

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0...

10CVSS7.5AI score0.42658EPSS
Exploits4References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/15 3:15 p.m.7 views

CVE-2026-22238

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful...

10CVSS7.3AI score0.00644EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 3:16 p.m.8 views

CVE-2026-22238

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful...

10CVSS0.00644EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 3:16 p.m.11 views

CVE-2026-22236

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the...

10CVSS0.00469EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/14 2:38 p.m.23 views

CVE-2026-22238 Administrator Account Creation Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful...

10CVSS0.00644EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.10 views

CVE-2023-49313

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data...

9.8CVSS7.3AI score0.0132EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:4 p.m.7 views

CVE-2018-2880

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications subcomponent: Back Office. The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks...

7.5CVSS6.4AI score0.01675EPSS
Exploits0References1
Rows per page
Query Builder