Lucene search
K

50970 matches found

Wolfi
Wolfi
added yesterday4 views

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: rancher-agent, node-feature-discovery, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin...

5.8AI score
Exploits0
Wolfi
Wolfi
added yesterday5 views

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: rancher-agent, node-feature-discovery, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin...

5.8AI score0.00011EPSS
Exploits0
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal...

5.3CVSS5.8AI score
Exploits0
Nuclei
Nuclei
added yesterday28 views

WAVLINK - Access Control

Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform...

7.5CVSS7.2AI score0.07759EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday22 views

LOYTEC LGATE-902 6.3.2 - Local File Inclusion

LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories including critical system files that are stored outside the root folder of the web application running on the device. This can be used to read...

7.8CVSS7.2AI score0.17982EPSS
Exploits3
NVD
NVD
added 2 days ago9 views

CVE-2026-56324

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...

8.8CVSS0.00271EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-56324

Capgo contains a rate limit bypass in the channel_self endpoint prior to version 12.128.2. The vulnerability lets an attacker rotate the user-controlled device_id parameter to bypass rate limiting, enabling multiple requests per second and flooding the channel_devices table, potentially causing d...

8.8CVSS5.9AI score0.00271EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-38374

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...

8.8CVSS5.9AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS0.004EPSS
Exploits1References7
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-38339

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.004EPSS
Exploits1References7
NVD
NVD
added 2 days ago9 views

CVE-2025-4994

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS0.002EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2023-60594

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2023-45795

The provided CVE describes a cross-site scripting (XSS) vulnerability in the Builder Component of Pilz PASvisu before version 1.14.1. The issue allows a local unauthenticated attacker to inject malicious JavaScript and gain full control over the device. Concrete exploitation details are not provi...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2023-45795 Pilz: XSS vulnerability in Pilz PASvisu and PMI v8xx

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2025-210297

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS5.9AI score0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2025-4994

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS5.9AI score0.002EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2025-4994 Authentication Bypass for SafeLine SL6 and SL6+

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS0.002EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2025-4994

CVE-2025-4994 affects SafeLine SL6 and SL6+ devices used in elevator emergency intercoms. A BLE-facing authentication bypass allows an attacker within wireless range to obtain unauthorized administrative access to the device configuration. Documented impact includes high affects on confidentialit...

8.7CVSS5.9AI score0.002EPSS
Exploits0References1
Rows per page
Query Builder