Lucene search
+L

2134 matches found

Nuclei
Nuclei
added 18 hours ago79 views

Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting

Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of...

4.3CVSS5.1AI score0.05114EPSS
Exploits1References5
Microsoft Security Update
Microsoft Security Update
added 3 days ago12 views

2026-07 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5102203)

2026-07 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 KB5102203...

6.1AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 3 days ago5 views

2026-07 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5099539)

2026-07 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems KB5099539...

6.1AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 3 days ago52 views

2026-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5099540)

2026-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems KB5099540...

6.1AI score
Exploits0
OSV
OSV
added 2026/07/09 5:46 p.m.6 views

CVE-2026-59826 Metabase: Arbitrary Code Execution via Database Connection Detail Bypass

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS6.3AI score0.00391EPSS
Exploits1References8
EUVD
EUVD
added 2026/07/09 5:46 p.m.8 views

EUVD-2026-42664

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS6.2AI score0.00391EPSS
Exploits1References6
OSV
OSV
added 2026/07/07 8:27 p.m.6 views

CVE-2026-55633 DataEase H2 RCE via Zip Protocol & File Dropper Fix bypass

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...

8.7CVSS6.3AI score0.00501EPSS
Exploits0References6
OSV
OSV
added 2026/07/03 1:33 p.m.8 views

MINI-8VVP-FQCG-3CQH

Bulletin has no description...

5.3CVSS5.9AI score0.00463EPSS
Exploits1
EUVD
EUVD
added 2026/06/29 6:31 p.m.6 views

EUVD-2026-40170

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...

7.5CVSS5.8AI score0.00695EPSS
Exploits2References3
NVD
NVD
added 2026/06/29 6:16 p.m.10 views

CVE-2026-36848

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...

7.5CVSS0.00695EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:0 a.m.7 views

CVE-2026-36848

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...

7.5CVSS5.8AI score0.00695EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/06/29 12:0 a.m.40 views

CVE-2026-36848

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...

0.00695EPSS
Exploits2References2
CVE
CVE
added 2026/06/29 12:0 a.m.24 views

CVE-2026-36848

Gigamon GVOS v5.16.1 and earlier is affected by a Directory Traversal in the H-VUE subsystem. The root cause is in the legacy persistd web service (port 8089) of GVOS, where DownloadDbFile and UploadDbFile handlers mishandle user-supplied paths, enabling arbitrary file read/write outside the GVOS...

7.5CVSS5.8AI score0.00695EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/06/27 12:30 a.m.9 views

EUVD-2026-39927

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...

8.6CVSS5.9AI score0.004EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/27 12:30 a.m.9 views

EUVD-2026-39926

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 11:17 p.m.22 views

CVE-2026-55975

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

8.6CVSS0.00653EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 11:0 p.m.18 views

CVE-2026-56414

The CVE-2026-56414 entry concerns H.View IP cameras (HV-500S6) with certificate-related upload interfaces. Authenticated users can store arbitrary file content to fixed, persistent filesystem locations without validation of file type, structure, or size. The described design omission enables plac...

8.6CVSS5.9AI score0.004EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 11:0 p.m.33 views

CVE-2026-56414 H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...

8.6CVSS0.004EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 10:58 p.m.18 views

CVE-2026-55975

CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:58 p.m.8 views

CVE-2026-55975

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References4
Rows per page
Query Builder