Lucene search
+L

7073 matches found

nvd
nvd
added yesterday5 views

CVE-2026-20297

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS
Exploits0References1
nvd
nvd
added yesterday4 views

CVE-2026-47703

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00047EPSS
Exploits0References1
cvelist
cvelist
added yesterday15 views

CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00047EPSS
Exploits0References1
cve
cve
added yesterday6 views

CVE-2026-62685

The CVE affects File Browser prior to version 2.63.17. The issue arises in how user scopes are built from usernames via cleanUsername() when Signup=true and CreateUserDir=true: the many-to-one normalization can collapse usernames such as team/one, team one, and team-one to the same home directory...

8.1CVSS6.1AI score
Exploits0References3
redhatcve
redhatcve
added yesterday4 views

CVE-2026-15779

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS6.1AI score
Exploits0References6
euvd
euvd
added yesterday4 views

EUVD-2026-44662

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS6.1AI score
Exploits0References5
cvelist
cvelist
added yesterday22 views

CVE-2026-15779 Samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS
Exploits0References5
vulnrichment
vulnrichment
added yesterday9 views

CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score
Exploits0References4
cvelist
cvelist
added yesterday23 views

CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS
Exploits0References4
cve
cve
added yesterday8 views

CVE-2026-15809

The CVE-2026-15809 entry applies to CRI-O. It describes a bypass of the fix for CVE-2022-4318: an attacker who can set container environment variables can inject a newline into HOME, enabling addition of arbitrary lines to /etc/passwd via a crafted environment variable. Affected component is CRI-...

7.8CVSS6.1AI score
Exploits0References4
nuclei
nuclei
added yesterday37 views

ECT Home Page Products - Reflected XSS

ECT Home Page Products WordPress plugin through 1.9 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit...

6.1CVSS7AI score0.00572EPSS
Exploits1References1
nuclei
nuclei
added yesterday41 views

Home Assistant HACS - Local File Inclusion

Home Assistant before 2021.1.3 lacks a protection layer against directory-traversal attacks in custom integrations, letting attackers access arbitrary files, exploit requires attacker to deploy malicious custom integration. id: CVE-2021-3152 info: name: Home Assistant HACS - Local File Inclusion...

5.3CVSS6.3AI score0.02231EPSS
Exploits0References4
ptsecurity
ptsecurity
added yesterday5 views

PT-2026-60310

Name of the Vulnerable Software and Affected Versions Node Version Manager nvm versions 0.32.1 through 0.40.5 Description An issue exists where nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts, parse the node.js mirror's index.tab and use the LTS codenam...

3.1CVSS6.4AI score
Exploits0References4
ossf
ossf
added 2 days ago6 views

Malicious code in home-mp-commons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885b9dad73e9eeb07a1fcb4a94493ec85573f656f7b9347a8682f56db359cfd6 [email protected] is an empty npm package declared main index.js is absent from the tarball whose sole effect on install is to resolve a single...

6.2AI score
Exploits0References2
nvd
nvd
added 4 days ago8 views

CVE-2026-15498

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This...

7.5CVSS0.00254EPSS
Exploits0References4
cve
cve
added 4 days ago11 views

CVE-2026-15498

CVE-2026-15498 affects the sergomanov SmartHomeAdatum product, specifically the Login component’s file users.php . The root cause is improper handling of the Login argument, which enables a SQL injection. The vulnerability is exploitable remotely over the network. No version details are provided ...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4
nvd
nvd
added last week11 views

CVE-2026-59854

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/globalCopyFiles accepts attacker-supplied absolute source paths and relies on util.IsSensitivePath in kernel/util/path.go, whose denylist misses common home-directory credential files such as...

4.9CVSS0.00278EPSS
Exploits0References4
cve
cve
added last week8 views

CVE-2026-59854

SiYuan (open-source PKM) prior to 3.7.1 allows an authenticated administrator or API-token user to copy home-directory credential files into the workspace via POST /api/file/globalCopyFiles. The root cause is util.IsSensitivePath’s denylist in kernel/util/path.go missing common home-dir dotfiles ...

4.9CVSS6AI score0.00278EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.10 views

PT-2026-57011

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An authenticated administrator or API-token user can exfiltrate sensitive files from the host system. The 'POST /api/file/globalCopyFiles' endpoint accepts absolute source paths and uses the...

4.9CVSS6.1AI score0.00278EPSS
Exploits0References6
osv
osv
added 2026/07/07 4:3 p.m.7 views

PYSEC-2026-1454 Home Assistant Core before is vulnerable to Directory Traversal

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

8.3CVSS6AI score0.00362EPSS
Exploits1References9
Rows per page
Query Builder