44 matches found
CVE-2026-5999
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor...
CVE-2026-45391
A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account...
CVE-2026-45392
DOM-based cross-site scripting (XSS) in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is tricked into visiting a crafted URL and interacting with the page...
CVE-2026-45393
A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT signing and...
CVE-2026-45393 Local privilege escalation to SYSTEM in Cribl Edge for Windows
A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT signing and...
CVE-2026-45392
Technical details about CVE-2026-45392 are not publicly available in the provided documents. Monitor for updates from official disclosures; no affected product/version, root cause, impact, or remediation information is provided here.
Siemens SIPROTEC 5
Summary: The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session...
EUVD-2026-18346
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
CVE-2026-5344
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
CVE-2026-1971
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...
CVE-2025-20393
A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...
EUVD-2025-105167
Malicious code in forthcomingurialz3n npm...
MAL-2025-102877 Malicious code in forthcoming_wombat_0xrequest (npm)
Source: amazon-inspector bc95ac3c70d51b6bf62221932230ee6d58588f4d830aba86935840c2facdec73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-81873
Malicious code in forthcomingwombat0xrequest npm...
EUVD-2025-70342
Malicious code in forthcomingguanacoz3n npm...
Malicious code in forthcoming_fowl_z3n (npm)
Source: amazon-inspector 5debd5dea01e379e7a1081b41a9d314b85bdfdf98823214f787d8a415fd1dc10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-54251
Malicious code in forthcoming-copper-echidna npm...
Malicious code in forthcoming-violet-limpet (npm)
Source: amazon-inspector 57a5114f5245158f4de27e939c61bf96712a048d25d332c328cb93b9c4f35b03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-54249
Malicious code in forthcoming-peach-panda npm...
EUVD-2025-54250
Malicious code in forthcoming-olive-chameleon npm...