Lucene search
K

6959 matches found

NVD
NVD
added 2026/06/30 7:16 a.m.26 views

CVE-2026-12819

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...

9.3CVSS0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:28 a.m.7 views

EUVD-2026-40258

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...

9.3CVSS5.8AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54008

Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.25 Description Picklescan fails to detect unsafe global functions within the Numpy library, which allows attackers to bypass static analysis. This issue enables the execution of arbitrary code during...

7.6CVSS6.4AI score0.00552EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 2:16 p.m.3 views

UBUNTU-CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/29 1:12 p.m.6 views

CVE-2026-54369

A flaw was found in the acl package, specifically within its libacl pathname-based functions. A local attacker could exploit this vulnerability by using a symbolic link to replace a pathname component. This could allow the attacker to redirect access control list ACL read or write operations to...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 1:0 p.m.5 views

Symlink Attack

Overview acl is a None Affected versions of this package are vulnerable to Symlink Attack. via the libacl functions. An attacker can gain unauthorized access to or modify access control lists by replacing a pathname component with a symbolic link, redirecting ACL read or write operations to...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 12:37 p.m.10 views

CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-400 llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.4AI score0.00327EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-456 PickleScan's pkgutil.resolve_name has a universal blocklist bypass

Summary pkgutil.resolvename is a Python stdlib function that resolves any "module:attribute" string to the corresponding Python object at runtime. By using pkgutil.resolvename as the first REDUCE call in a pickle, an attacker can obtain a reference to ANY blocked function e.g., os.system,...

10CVSS5.8AI score0.00623EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-53289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM...

6AI score0.00172EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS5.7AI score0.00158EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ice reset all vfs function. The issue occurs because ice reset all vfs ignores the return value of ice vf rebuild vsi. If the VSI rebuild...

5.8AI score0.00172EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

SUSE SLES16: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2026:22177-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22177-1 advisory. This update for postgresql14 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References26
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-1840

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7CVSS0.00726EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/24 8:18 p.m.11 views

GHSA-HV8M-JJ95-WG3X vulnerabilities

Vulnerabilities for packages: azure-functions-extension-bundles...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:47 p.m.5 views

CVE-2026-1840

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7CVSS5.9AI score0.00726EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 7:47 p.m.9 views

CVE-2026-1840

The CVE concerns Hubbell Aclara Metrum Cellular Web Interface, where unauthorized access arises from missing authentication on critical system functions. This allows attackers to alter essential configuration settings, trigger system restarts, and potentially disrupt device communications. CISA a...

8.7CVSS5.9AI score0.00726EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 7:47 p.m.21 views

CVE-2026-1840 Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7CVSS0.00726EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 7:47 p.m.5 views

EUVD-2026-39058

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7CVSS5.9AI score0.00726EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 2:25 p.m.35 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS0.00408EPSS
Exploits0References3
Rows per page
Query Builder