
7967 matches found

EUVD | added 2 days ago | 4 views

EUVD-2026-41072

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

CVSS 4.9 | AI score 5.8 | EPSS 0.00324
Exploits: 0 | References: 1
EUVD | added 6 days ago | 7 views

EUVD-2026-39926

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

CVSS 8.6 | AI score 5.9 | EPSS 0.00653
Exploits: 0 | References: 4
NVD | added last week | 16 views

CVE-2026-55975

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

CVSS 8.6 | EPSS 0.00653
Exploits: 0 | References: 3
ATTACKERKB | added last week | 6 views

CVE-2026-55975

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

CVSS 8.6 | AI score 5.9 | EPSS 0.00653
Exploits: 0 | References: 4
Cvelist | added last week | 26 views

CVE-2026-55975 H.VIEW HV-500S6 IP Camera OS Command Injection

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

CVSS 8.6 | EPSS 0.00653
Exploits: 0 | References: 3
ATTACKERKB | added last week | 7 views

CVE-2026-46710

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the...

CVSS 7.8 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies | added 2026/06/26 12:0 a.m. | 13 views

PT-2026-52990

Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP cameras affected versions not specified Description An authenticated user can supply unsanitized XML fields to the certificate generation interface. These fields are incorporated into a backend certificate creation command...

CVSS 8.6 | AI score 5.9 | EPSS 0.00653
Exploits: 0 | References: 8
Cvelist | added 2026/06/25 3:5 p.m. | 28 views

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

CVSS 8.6 | EPSS 0.01191
Exploits: 0 | References: 1
EUVD | added 2026/06/25 3:5 p.m. | 4 views

EUVD-2026-39434

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

CVSS 8.6 | AI score 6 | EPSS 0.01191
Exploits: 0 | References: 1
ATTACKERKB | added 2026/06/25 3:5 p.m. | 4 views

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

CVSS 8.6 | AI score 6 | EPSS 0.01191
Exploits: 0 | References: 2 | Affected Software: 1
NVD | added 2026/06/25 2:16 p.m. | 8 views

CVE-2026-56122

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

CVSS 8.7 | EPSS 0.00377
Exploits: 0 | References: 3
EUVD | added 2026/06/25 1:34 p.m. | 5 views

EUVD-2026-39397

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

CVSS 8.7 | AI score 6 | EPSS 0.00377
Exploits: 0 | References: 3
The Hacker News | added 2026/06/24 5:19 p.m. | 15 views

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 26, 2026. The vulnerability in question...

CVSS 9.8 | AI score 7.5 | EPSS 0.01131
Exploits: 1
Cvelist | added 2026/06/24 5:33 a.m. | 36 views

CVE-2026-12417 SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the pravelchangepassword AJAX handler — registered via wpajaxnoprivpravelchangepassword and...

CVSS 9.8 | EPSS 0.00454
Exploits: 1 | References: 4
Cvelist | added 2026/06/22 5:53 p.m. | 33 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVSS 8.7 | EPSS 0.00409
Exploits: 1 | References: 8
EUVD | added 2026/06/19 2:16 p.m. | 6 views

EUVD-2016-10902

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

CVSS 8.5 | AI score 6.2 | EPSS 0.00122
Exploits: 0 | References: 4
AstraLinux | added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Node.js

There is a vulnerability related to untrusted search paths in Node.js. Versions 19.6.1, 18.14.1, 16.19.1, and 14.21.3 may allow an attacker to search for and potentially load ICU data when running with elevated privileges...

CVSS 4.2 | AI score 6.7 | EPSS 0.00471
Exploits: 0 | References: 2
Positive Technologies | added 2026/06/19 12:0 a.m. | 16 views

PT-2026-50906

Name of the Vulnerable Software and Affected Versions Comodo Chromodo Browser version 52.15.25.664 Description The ChromodoUpdater service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker to place a malicious executable within the service path to...

CVSS 8.5 | AI score 6.2 | EPSS 0.0012
Exploits: 0 | References: 7
NVD | added 2026/06/17 1:19 p.m. | 8 views

CVE-2026-11410

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

CVSS 8.5 | EPSS 0.02787
Exploits: 0 | References: 3
NVD | added 2026/06/17 1:19 p.m. | 12 views

CVE-2026-11409

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

CVSS 8.5 | EPSS 0.02787
Exploits: 0 | References: 3