Lucene search
K

9192 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52990

Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP cameras affected versions not specified Description An authenticated user can supply unsanitized XML fields to the certificate generation interface. These fields are incorporated into a backend certificate creation command...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:5 p.m.5 views

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

8.6CVSS6AI score0.01191EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 3:5 p.m.5 views

EUVD-2026-39434

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

8.6CVSS6AI score0.01191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 3:5 p.m.33 views

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

8.6CVSS0.01191EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 p.m.9 views

CVE-2026-56122

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS0.00377EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 1:34 p.m.5 views

EUVD-2026-39397

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS6AI score0.00377EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/24 5:19 p.m.16 views

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 26, 2026. The vulnerability in question...

9.8CVSS7.5AI score0.00889EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in busybox

A flaw was discovered in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by creating a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead...

7CVSS7.1AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.37 views

CVE-2026-12417 SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the pravelchangepassword AJAX handler — registered via wpajaxnoprivpravelchangepassword and...

9.8CVSS0.00454EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/24 12:30 a.m.9 views

EUVD-2026-38636

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

4.4CVSS5.9AI score0.00101EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 10:15 p.m.6 views

CVE-2026-12164

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

4.4CVSS5.9AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51605

Name of the Vulnerable Software and Affected Versions Fortra File Integrity Monitoring FIM versions prior to 9.4.0 Description An issue exists where incorrect or elevated effective permissions may be assigned to users created by the tetool import command while the software is running. This occurs...

4.4CVSS5.7AI score0.00101EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/22 5:53 p.m.35 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS0.00409EPSS
Exploits1References8
NVD
NVD
added 2026/06/19 3:16 p.m.13 views

CVE-2025-71326

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...

8.5CVSS0.00127EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.9 views

EUVD-2016-10902

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Node.js

There is a vulnerability related to untrusted search paths in Node.js. Versions 19.6.1, 18.14.1, 16.19.1, and 14.21.3 may allow an attacker to search for and potentially load ICU data when running with elevated privileges...

4.2CVSS6.7AI score0.00471EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50906

Name of the Vulnerable Software and Affected Versions Comodo Chromodo Browser version 52.15.25.664 Description The ChromodoUpdater service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker to place a malicious executable within the service path to...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50869

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...

8.8CVSS5.7AI score0.00282EPSS
Exploits0References8
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-11410

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:19 p.m.13 views

CVE-2026-11409

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
Rows per page
Query Builder