Lucene search
K

6682 matches found

NVD
NVD
added yesterday6 views

CVE-2026-12167

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

7.8CVSS
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-41376

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

7.8CVSS5.8AI score
Exploits0References3
Nuclei
Nuclei
added yesterday59 views

Versa Concerto Actuator Endpoint - Authentication Bypass

An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting...

9.2CVSS7.6AI score0.83479EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago62 views

GeoServer and GeoTools - Remote Code Execution

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS7.5AI score0.99813EPSS
Exploits25References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A memory overflow vulnerability was discovered in the ipc functionality of the memcg subsystem in the Linux kernel. This vulnerability occurs when a user calls the semget function multiple times, thereby creating semaphores. This flaw allows a local user to deplete resources, resulting in a denia...

5.5CVSS6.7AI score0.00345EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 4:43 a.m.4 views

MAL-2026-5981 Malicious code in metrics-probe-64b2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cae901b673ee21724897f69c782eb2808c55c2722bacc9912a4a3e60f7019883 package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on every npm install. run.js imports os, fs,...

5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49301

Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...

8.4CVSS5.2AI score0.00118EPSS
Exploits0References9
NVD
NVD
added 2026/06/12 8:16 p.m.12 views

CVE-2026-54358

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

7.5CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 7:34 p.m.16 views

CVE-2026-54358

The CVE concerns MISP where an organization administrator can target site administrator accounts within the same organization via the administrative email function due to a faulty authorization check that fails to exclude site-admin recipients from queries. This allows privileged account-manageme...

7.5CVSS5.4AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48970

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An incorrect authorization issue allows an organization administrator to target site administrator accounts within the same organization using the administrative email functionality. The system...

7.5CVSS5.1AI score0.00229EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.10 views

CVE-2026-9210

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

7.1CVSS5.4AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 8:17 p.m.13 views

CVE-2026-6444

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...

8.6CVSS0.00279EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:39 p.m.12 views

Malicious code in @nstrlabs/ixel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b10f7a8ca25ac33a6d1e94038d1dbfd68d113d9ab7d7a428d97417b3409c7d On npm install, the package runs node index.js via a preinstall lifecycle hook declared as "preinstall": "node index.js || true" so failures are...

5.5AI score
Exploits0References2
NVD
NVD
added 2026/06/09 5:16 p.m.9 views

CVE-2026-0416

An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router...

6.8CVSS0.0018EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:16 p.m.9 views

CVE-2026-0414

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 3:50 p.m.24 views

CVE-2026-0415

CVE-2026-0415 affects certain NETGEAR Orbi routers where insufficient input validation by the device allows authenticated administrators on the local network to modify router software and functionality without authorization. The description specifies that the vulnerability arises from input valid...

6.8CVSS5.4AI score0.00229EPSS
Exploits0References14Affected Software1
CVE
CVE
added 2026/06/09 3:50 p.m.16 views

CVE-2026-0416

CVE-2026-0416 affects Netgear RAXE450 and RAXE500 routers. Authenticated administrators on the local network can modify router functionality beyond what is intended via the standard management interface. Documented CVSS shows adjacent access, high privileges, no user interaction, and integrity im...

6.8CVSS5.4AI score0.0018EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47857

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description Insufficient input validation allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality...

7.1CVSS5.9AI score0.00216EPSS
Exploits0References34
CVE
CVE
added 2026/06/08 2:0 p.m.18 views

CVE-2026-11520

Summary: CVE-2026-11520 affects SourceCodester Inventory System 1.0, with the vulnerability in the header.php file enabling cross-site scripting. The issue can be triggered remotely and multiple parameters may be affected. Public exploit material exists. The connected records confirm the vulnerab...

5.1CVSS3.9AI score0.00248EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 2:0 p.m.6 views

CVE-2026-11520

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and...

5.1CVSS3.9AI score0.00248EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder