23 matches found

NVD
added 2026/06/26 10:16 p.m. · 13 views

CVE-2026-53577

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint GET /api/v1/tenant/executions/executionId/file/preview contains an access control bypass that allows any authenticated user to read output files from any other executio...

6.5 CVSS · 0.00263 EPSS
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 12:39 p.m. · 7 views

CVE-2023-29924

PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution...

9.8 CVSS · 7.4 AI score · 0.01081 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2017-3680

Malware in sbrugna...

7.4 CVSS · 6.9 AI score · 0.00873 EPSS
Exploits 2 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2021-8188

Malicious code in bioql PyPI...

9.8 CVSS · 6.7 AI score · 0.0129 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-29582

Malicious code in bioql PyPI...

7.8 CVSS · 6.1 AI score · 0.02189 EPSS
Exploits 1 · References 14

RedhatCVE
added 2025/05/22 12:43 p.m. · 7 views

CVE-2010-3287

Unspecified vulnerability on HP ProCurve Access Points, Access Controllers, and Mobility Controllers with software 5.1.x through 5.1.9, 5.2.x through 5.2.7, 5.3.x through 5.3.5, and 5.4.x through 5.4.0 allows remote attackers to execute arbitrary code via unknown vectors...

8.3 CVSS · 8.1 AI score · 0.0189 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 2:12 a.m. · 10 views

CVE-2024-2359

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /executecode endpoint, which is intended to be blocked from external access by default. However,...

9.8 CVSS · 8.3 AI score · 0.01219 EPSS
Exploits 1 · References 1

SUSE CVE
added 2024/12/13 12:21 a.m. · 2 views

SUSE CVE-2024-52309

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

5.1 CVSS · 7.1 AI score · 0.00598 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/06/15 8:42 a.m. · 23 views

CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8 CVSS · 8.2 AI score · 0.0077 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/02/29 12:0 a.m. · 5 views

PT-2024-20802 · Pdfmake · Pdfmake

Name of the Vulnerable Software and Affected Versions: pdfmake version 0.2.9 Description: An issue in pdfmake allows remote attackers to run arbitrary code via a crafted POST request to the /pdf endpoint. Note that the behavior of the /pdf endpoint is intentional and only available after installi...

9.8 CVSS · 6.7 AI score · 0.01024 EPSS
Exploits 2 · References 13

Vulnrichment
added 2023/04/14 12:0 a.m. · 7 views

CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

7.6 AI score · 0.02264 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/02/01 12:0 a.m. · 6 views

PT-2023-15570 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: Seacms version 12.7 Description: The issue is related to a remote code execution (RCE) vulnerability. It can be exploited via the ip parameter at the "admin ip.php" endpoint. Recommendations: For Seacms version 12.7, consider restricting access...

7.2 CVSS · 7.2 AI score · 0.01428 EPSS
Exploits 1 · References 4

OpenVAS
added 2022/01/31 12:0 a.m. · 31 views

Apple Mac OS X Security Update (HT213056)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

9.3 CVSS · 6.6 AI score · 0.01688 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/08/03 12:0 a.m. · 4 views

PT-2021-10336 · Vaethink · Vaethink

Name of the Vulnerable Software and Affected Versions: vaeThink version 1.0.1 Description: A vulnerability in the vae admin rule database table allows attackers to execute arbitrary code via a crafted payload in the condition parameter. Recommendations: For vaeThink version 1.0.1, consider...

9.8 CVSS · 9.4 AI score · 0.025 EPSS
Exploits 1 · References 5

Positive Technologies
added 2021/04/23 12:0 a.m. · 8 views

PT-2021-4232 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.12.2 Description: The issue is caused by a race condition in the net/bluetooth/hci_request.c component of the Linux operating system, resulting from concurrent execution with shared resources and improper...

9.8 CVSS · 7.8 AI score · 0.88106 EPSS
Exploits 226 · References 1394

Cvelist
added 2020/06/10 3:36 p.m. · 58 views

CVE-2020-7674

access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...

9.7 AI score · 0.02512 EPSS
Exploits 1 · References 1

NVD
added 2018/02/08 6:29 p.m. · 17 views

CVE-2017-17423

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue resul...

9.8 CVSS · 9.7 AI score · 0.03933 EPSS
Exploits 0 · References 1

ArchLinux
added 2016/12/15 12:0 a.m. · 514 views

[ASA-201612-17] lib32-flashplugin: multiple issues

Arch Linux Security Advisory ASA-201612-17. Severity: Critical. Date: 2016-12-15. CVE-ID: CVE-2016-7867 CVE-2016-7868 CVE-2016-7869 CVE-2016-7870 CVE-2016-7871 CVE-2016-7872 CVE-2016-7873 CVE-2016-7874 CVE-2016-7875 CVE-2016-7876 CVE-2016-7877 CVE-2016-78...

9.3 CVSS · 1.6 AI score · 0.18786 EPSS
Exploits 0 · References 19

FreeBSD
added 2015/04/29 12:0 a.m. · 27 views

qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")

Jason Geffner, CrowdStrike Senior Security Researcher, reports: VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM)...

7.7 CVSS · 7 AI score · 0.15275 EPSS
Exploits 1 · References 3

Saint
added 2012/07/23 12:0 a.m. · 34 views

HP Data Protector Express Opcode 0x320 Overflow

Added: 07/23/2012. CVE: CVE-2012-0121. BID: 52431. OSVDB: 80102. Background: HP Data Protector Express is a backup and recovery solution for single machines and small networks. Problem: A stack overflow vulnerability exists in dpwindtb.dll. Validation of parameters to Opcode 0x320 requests are not...

10 CVSS · 7.1 AI score · 0.10436 EPSS
Exploits 4