Lucene search
K

84 matches found

CVE
CVE
added last week22 views

CVE-2026-55849

The CVE affects @cyclonedx/cyclonedx-npm: from 2.1.0 up to 5.0.0, the CLI passes user-supplied --workspace values to a subshell when npm_execpath is unset or empty, enabling arbitrary OS command execution with the invoking user’s privileges. Root cause is unsanitized input used in a shell command...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 3:0 a.m.33 views

CVE-2026-14792 Formbricks Survey actions.ts access control

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS0.00366EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/19 8:47 p.m.4 views

Command Injection

Overview @cyclonedx/cyclonedx-npm is a Create CycloneDX Software Bill of Materials SBOM from NPM projects. Affected versions of this package are vulnerable to Command Injection via the --workspace argument when the environment variable npmexecpath is unset or empty. An attacker can execute...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 10:17 p.m.3 views

CVE-2026-54533 vantage6 node has an Improper Access Control issue

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...

6.9CVSS6AI score0.00285EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-40029

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

6.7CVSS5.9AI score0.00119EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 2:16 p.m.12 views

CVE-2026-36358

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

5.4CVSS0.00202EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 12:0 a.m.9 views

CVE-2026-36358

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

5.4CVSS6.2AI score0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/10 7:59 p.m.30 views

CVE-2025-36226 Multiple vulnerabilities in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/02/25 6:16 a.m.7 views

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/02/19 3:49 p.m.6 views

CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS8.5AI score0.00329EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.5 views

CVE-2026-25335 WordPress Secure Copy Content Protection and Content Locking plugin <= 5.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from n/a through = 5.0.0...

4.3CVSS5.5AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 1:15 p.m.7 views

CVE-2025-54148

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

6.5CVSS0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 12:19 p.m.6 views

CVE-2025-47209 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

5.3CVSS5.5AI score0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/11 12:18 p.m.27 views

CVE-2025-54147 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

5.3CVSS0.00391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/10 1:23 a.m.7 views

CVE-2026-2200

A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...

4.8CVSS3.6AI score0.00223EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.6 views

PT-2026-7272

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 5.0.0 through 5.0.1 Fortinet FortiSandbox versions 4.4.0 through 4.4.7 Fortinet FortiSandbox version 4.2 Fortinet FortiSandbox version 4.0 Description An Improper Neutralization of Input During Web Page Generatio...

8.8CVSS5.8AI score0.06289EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.10 views

PT-2026-2488

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 4.0 through 5.0.4 Fortinet FortiSandbox version 4.4 Fortinet FortiSandbox version 4.2 Description An authenticated attacker may be able to proxy internal requests limited to plaintext endpoints only by sending...

5.5CVSS5.9AI score0.00379EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.5 views

CVE-2022-38063

Cross-Site Request Forgery CSRF vulnerability in Social Login WP plugin = 5.0.0.0 versions...

8.8CVSS7AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/26 2:11 p.m.4 views

CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse...

3.8CVSS6.3AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 6:15 p.m.7 views

CVE-2025-53679

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...

7.2CVSS0.11196EPSS
Exploits0References1
Rows per page
Query Builder