2134 matches found
Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting
Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of...
2026-07 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5102203)
2026-07 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 KB5102203...
2026-07 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5099539)
2026-07 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems KB5099539...
2026-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5099540)
2026-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems KB5099540...
CVE-2026-59826 Metabase: Arbitrary Code Execution via Database Connection Detail Bypass
Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...
EUVD-2026-42664
Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...
CVE-2026-55633 DataEase H2 RCE via Zip Protocol & File Dropper Fix bypass
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol...
MINI-8VVP-FQCG-3CQH
Bulletin has no description...
EUVD-2026-40170
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...
CVE-2026-36848
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...
CVE-2026-36848
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...
CVE-2026-36848
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...
CVE-2026-36848
Gigamon GVOS v5.16.1 and earlier is affected by a Directory Traversal in the H-VUE subsystem. The root cause is in the legacy persistd web service (port 8089) of GVOS, where DownloadDbFile and UploadDbFile handlers mishandle user-supplied paths, enabling arbitrary file read/write outside the GVOS...
EUVD-2026-39927
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...
EUVD-2026-39926
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...
CVE-2026-55975
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...
CVE-2026-56414
The CVE-2026-56414 entry concerns H.View IP cameras (HV-500S6) with certificate-related upload interfaces. Authenticated users can store arbitrary file content to fixed, persistent filesystem locations without validation of file type, structure, or size. The described design omission enables plac...
CVE-2026-56414 H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...
CVE-2026-55975
CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...
CVE-2026-55975
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...