Lucene search
K

25957 matches found

Vulnrichment
Vulnrichment
added 2026/05/31 7:0 a.m.9 views

CVE-2026-10173 Orthanc Explorer 2 URL StudyList.vue cross site scripting

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

5.3CVSS4.2AI score0.00278EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.13 views

PT-2026-45177

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

5.3CVSS4.2AI score0.00278EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.12 views

Orthanc Explorer 2 代码注入漏洞

Orthanc Explorer 2 is a user interface plugin for the Orthanc Server’s open-source medical imaging management system. Versions of Orthanc Explorer 2 prior to 1.12.0 contained a code injection vulnerability. This vulnerability stemmed from the param operation in the File...

5.3CVSS5.7AI score0.00278EPSS
Exploits0References6
ICS
ICS
added 2026/05/26 12:0 a.m.23 views

Hitachi Energy ITT600 Explorer

SUMMARY Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service DoS attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600...

5.5AI score
Exploits0References10
NVD
NVD
added 2026/05/23 7:16 p.m.14 views

CVE-2018-25344

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string...

8.6CVSS0.00162EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.10 views

CVE-2018-25344

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string...

8.6CVSS6.7AI score0.00162EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.15 views

CVE-2018-25344 10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string...

8.6CVSS0.00162EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.8 views

CVE-2018-25344 10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string...

8.6CVSS6.7AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

10-Strike Network Inventory Explorer 安全漏洞

10-Strike Network Inventory Explorer is a scanning software developed by 10-Strike Corporation. It is used to track hardware and software on network computers. Version 8.54 of 10-Strike Network Inventory Explorer contains a security vulnerability. This vulnerability stems from a stack-based buffe...

8.6CVSS6.5AI score0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 1:4 a.m.14 views

EUVD-2026-31386

A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...

9.3CVSS6.4AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 1:4 a.m.27 views

CVE-2026-9264

CVE-2026-9264 affects SketchUp 2026 where the Dynamic Components feature fails to sanitize inputs in the component options window. The root cause is improper input sanitization, allowing a crafted SKP to run arbitrary system commands and read local files via an embedded Internet Explorer 11 brows...

9.3CVSS6.4AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42704

A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...

6.4AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Trimble SketchUp 安全漏洞

Trimble SketchUp is a 3D modeling software developed by Trimble in the United States. It is designed for architects, urban planning experts, producers, game developers, and professionals in related fields. Trimble SketchUp has a security vulnerability that stems from improper handling of dynamic...

9.3CVSS6.4AI score0.00231EPSS
Exploits0References1
HackRead
HackRead
added 2026/05/21 10:18 a.m.16 views

Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks

Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users...

5.8AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/20 12:0 a.m.8 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users shoul...

9.3CVSS6.2AI score0.82172EPSS
In wildExploits15
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/20 12:0 a.m.10 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product...

9.3CVSS7.7AI score0.91885EPSS
In wildExploits16
NVD
NVD
added 2026/05/11 6:16 p.m.12 views

CVE-2026-42316

kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...

6.5CVSS0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 4:41 p.m.33 views

CVE-2026-42316 KQL injection via kusto.tables.topics.mapping in kafka-sink-azure-kusto

kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...

6.5CVSS0.00344EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 4:41 p.m.8 views

CVE-2026-42316 KQL injection via kusto.tables.topics.mapping in kafka-sink-azure-kusto

kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...

6.5CVSS6.1AI score0.00344EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 4:41 p.m.11 views

EUVD-2026-29124

kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...

6.5CVSS6.1AI score0.00344EPSS
Exploits0References3
Rows per page
Query Builder