Lucene search
K

1540 matches found

Nuclei
Nuclei
added 6 days ago73 views

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

9.8CVSS7.8AI score0.99288EPSS
Exploits1References5
CVE
CVE
added 2026/07/06 6:0 a.m.15 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate file types on several file-management operations, enabling authenticated users with file-manager access — extended to sub-administrator roles via the premium add‑on — to upload arbitrary PHP files and achieve remote code execution....

8.8CVSS6.3AI score0.00435EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.9 views

SUSE CVE-2026-53188

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the passed in fops for ibgetucaps Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds a block device with the same devt it can masquerade as a ucap cdev fd...

8.8CVSS5.8AI score0.00136EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53188

The CVE-2026-53188 entry concerns a Linux kernel RDMA/core flaw where fops passed to ib_get_ucaps() could be spoofed via a block device sharing a dev_t with a character device (char/block alias). The root cause is insufficient validation of f_ops, allowing a local attacker with access to device n...

8.8CVSS5.8AI score0.00136EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 9:36 p.m.11 views

CVE-2026-9774

CVE-2026-9774 affects ATEN Unizon via the updateLicense directory traversal, enabling arbitrary file deletion. The flaw stems from insufficient validation of a user-supplied path used in file operations. The vulnerability is exploitable remotely over network with authentication required; impact i...

6.5CVSS6.4AI score0.01195EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/20 9:16 a.m.17 views

CVE-2026-12119

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS0.00267EPSS
Exploits0References6
CVE
CVE
added 2026/06/20 8:29 a.m.23 views

CVE-2026-12119

The CVE concerns the Simple File List WordPress plugin (≤6.3.7). A missing authorization check on the frontmanage shortcode attribute allows authenticated users with contributor-level access or higher to perform arbitrary file operations (delete, move, folder creation, download). The vulnerabilit...

6.5CVSS6AI score0.00267EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/20 8:29 a.m.10 views

CVE-2026-12119

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS6AI score0.00267EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.24 views

PT-2026-51133

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains a flaw where a missing authorization check on the frontmanage shortcode attribute allows authenticated attackers with contributor-level...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References10
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.780 views

Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution

Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents and fileputcontents. This is exploitable on sites using debug mode with Laravel before 8.4.2. id: CVE-2021-3129 info: name:...

9.8CVSS8.6AI score0.99943EPSS
Exploits36References5
CVE
CVE
added 2026/06/15 10:5 a.m.20 views

CVE-2026-34030

The CVE concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) where branch code validation is insufficient during new-branch creation. The branch code is later used in functions that generate filesystem paths for uploaded files, profile pictures, and settings. An authenticat...

6.9CVSS5.4AI score0.00327EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/06/15 12:0 a.m.13 views

VulnCheck KEV: CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5References5
The Hacker News
The Hacker News
added 2026/06/13 1:23 p.m.27 views

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

9.8CVSS6.6AI score0.88171EPSS
Exploits5
Cvelist
Cvelist
added 2026/06/11 6:49 p.m.32 views

CVE-2026-45176 Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this coul...

8.9CVSS0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 6:49 p.m.19 views

CVE-2026-45176

CVE-2026-45176 affects Idira Endpoint Privilege Manager Agent versions prior to 26.5. The issue is improper access control in high-privileged agent components, allowing a local, low-privileged attacker to manipulate an internal communication mechanism or file operation and potentially bypass perm...

8.9CVSS5.5AI score0.00124EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 6:49 p.m.12 views

CVE-2026-45176 Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this coul...

8.9CVSS5.5AI score0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:16 p.m.273 views

CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS0.88171EPSS
Exploits5References3
EUVD
EUVD
added 2026/06/10 5:16 p.m.11 views

EUVD-2026-36088

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar...

9.8CVSS5.6AI score0.88171EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48493

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 10.2.4 Description An unauthenticated user can create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. This occurs because the endpoint...

9.8CVSS6.6AI score0.88171EPSS
Exploits5References186
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.16 views

Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0603)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0603 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14,...

9.8CVSS6.3AI score0.88171EPSS
Exploits5References2
Rows per page
Query Builder