
190 matches found

EUVD
added 2 days ago, 5 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included, 5.0.0 to 5.0.5 included. There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 1
NVD
added 3 days ago, 7 views

CVE-2026-8480

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included, 5.0.2 EA to 5.0.5 included. A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

CVSS 4.3 | EPSS 0.00087
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/07 3:15 a.m., 9 views

CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

CVSS 7.5 | AI score 6.8 | EPSS 0.01681
Exploits: 1 | References: 5
RedhatCVE
added 2026/06/05 7:40 p.m., 9 views

CVE-2025-13364

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 5.7 | EPSS 0.00267
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/07 12:0 a.m., 12 views

PT-2026-38425

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

CVSS 8.8 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/01 8:48 p.m., 8 views

CVE-2026-7501

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 5.1 | AI score 4.2 | EPSS 0.00254
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/20 7:23 p.m., 5 views

CVE-2026-6493

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

CVSS 5.1 | AI score 3.9 | EPSS 0.0026
Exploits: 0 | References: 1
Patchstack
added 2026/04/16 12:47 a.m., 7 views

WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode vulnerability

WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Maps versions <= 4.8.7...

CVSS 6.4 | AI score 5.8 | EPSS 0.00267
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2026/04/08 8:13 p.m., 4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the rotateFileVaultKey function in orbit/pkg/useraction/useractiondarwin.go. An attacker can execute arbitrary commands on macOS by supplying a crafted FileVault username or password that is interpolated into the...

CVSS 8.5 | AI score 6.3 | EPSS 0.00111
Exploits: 0 | References: 2
NVD
added 2026/03/27 8:16 p.m., 6 views

CVE-2026-34388

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

CVSS 8.7 | EPSS 0.00263
Exploits: 0 | References: 1
Cvelist
added 2026/03/27 7:13 p.m., 20 views

CVE-2026-34388 Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

CVSS 8.7 | EPSS 0.00263
Exploits: 0 | References: 1
EUVD
added 2026/03/13 9:31 p.m., 5 views

EUVD-2026-11856

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion. This issue affects Turbo Manager: from n/a through 4.0.8...

AI score 5.8 | EPSS 0.00381
Exploits: 0 | References: 2
CVE
added 2026/03/13 11:42 a.m., 13 views

CVE-2026-32364

CVE-2026-32364 relates to a Local File Inclusion in the WordPress Turbo Manager plugin (turbo-manager) via an improper control of the filename for include/require statements in PHP. The vulnerability affects Turbo Manager versions earlier than 4.0.8. The underlying issue is an insecure handling o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00381
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/13 12:0 a.m., 9 views

PT-2026-25211

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion. This issue affects Turbo Manager: from n/a through 4.0.8...

AI score 5.8 | EPSS 0.00381
Exploits: 0 | References: 3
NVD
added 2026/03/11 7:16 p.m., 4 views

CVE-2026-31881

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

CVSS 9.8 | EPSS 0.0043
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/07 7:59 a.m., 9 views

CVE-2026-25888

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1...

CVSS 8.8 | AI score 6.3 | EPSS 0.0066
Exploits: 1 | References: 1
Cvelist
added 2026/02/16 11:22 p.m., 32 views

CVE-2025-12062 WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

CVSS 8.8 | EPSS 0.00723
Exploits: 0 | References: 2
CNNVD
added 2026/01/21 12:0 a.m., 8 views

Honeywell WIN-PACK PRO code issue vulnerability

Honeywell WIN-PACK PRO is a security management platform software developed by the American company Honeywell. Version 4.8 of Honeywell WIN-PACK PRO contains a code vulnerability. This vulnerability stems from the ScheduleService component, which uses service paths without quotes, potentially...

CVSS 8.5 | AI score 6 | EPSS 0.00127
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001241)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001241 advisory. A race condition in perf_event_open allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held...

CVSS 5.6 | AI score 7.1 | EPSS 0.00339
Exploits: 0 | References: 8
RedhatCVE
added 2025/12/30 1:2 a.m., 7 views

CVE-2025-66869

Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8...

CVSS 7.5 | AI score 7.2 | EPSS 0.00286
Exploits: 1 | References: 1