Lucene search
+L

578 matches found

Nuclei
Nuclei
added yesterday37 views

osCommerce 2.3.4.1 - Remote Code Execution

osCommerce Online Merchant 2.3.4.1 contains a remote code execution caused by insecure default configuration and missing authentication in the installer workflow, letting unauthenticated attackers execute arbitrary PHP code via install4.php, exploit requires accessible /install/ directory after...

9.3CVSS6.7AI score0.0282EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday12 views

OpenCATS - Command Injection

OpenCATS prior to commit 3002a29 contains a command injection caused by injection of PHP statements into the installer AJAX endpoint's databaseConnectivity action parameter, letting unauthenticated attackers execute arbitrary code, exploit requires incomplete installation wizard. id: CVE-2026-277...

9.2CVSS5.8AI score0.22189EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score0.00142EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.6 views

Chromium: CVE-2026-14094 Use after free in Installer

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

7.8CVSS5.9AI score0.00089EPSS
Exploits0
NVD
NVD
added 2026/06/26 9:16 p.m.29 views

CVE-2026-46710

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the...

7.8CVSS0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52972

Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.9.4 through 8.9.5 Description The installer contains a local privilege escalation issue. During the installation process, the installer invokes powershell.exe without specifying an absolute path after setting the working...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52085

Name of the Vulnerable Software and Affected Versions HP Accessory WMI Provider installer affected versions not specified Description A security issue exists in the HP Accessory WMI Provider installer used for certain HP Docking Stations. This flaw could allow an attacker to achieve escalation of...

7.3CVSS6AI score0.00096EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.12 views

CVE-2026-34234

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS6.1AI score0.00821EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/06/04 11:4 p.m.9 views

CVE-2026-11103

Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...

5.4AI score0.0008EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.29 views

Notepad++ 8.9.4 / 8.9.5 < 8.9.6 Installer Vulnerability

The version of Notepad++ installed on the remote host is 8.9.4 or 8.9.5. It is, therefore, affected by an installer vulnerability: - A vulnerability exists in the Notepad++ installer affecting versions 8.9.4 and 8.9.5 that could allow an attacker to compromise the installation process...

7.8CVSS5.6AI score0.00108EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 9:16 p.m.18 views

CVE-2026-49134

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 6:53 p.m.17 views

EUVD-2026-33750

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/28 11:59 p.m.15 views

CVE-2026-6891

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS5.8AI score0.00123EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 11:59 p.m.46 views

CVE-2026-6891

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 p.m.21 views

CVE-2026-42878

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3CVSS0.0024EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.9 views

FreeBSD : FreeBSD -- Remote code execution via installer Wi-Fi access point scans (039c0ab0-54b7-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 039c0ab0-54b7-11f1-8d7a-bc241121aa0a advisory. When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of...

7.5CVSS5.7AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 p.m.22 views

CVE-2026-34234

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS0.00821EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/19 9:3 p.m.18 views

EUVD-2026-30984

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS6.2AI score0.00821EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/19 9:3 p.m.56 views

CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS0.00821EPSS
Exploits2References2
CVE
CVE
added 2026/05/19 9:3 p.m.57 views

CVE-2026-34234

CVE-2026-34234 affects CtrlPanel (open-source hosting-provider billing) versions up to 1.1.1. The web installer at public/installer/index.php executes form handlers before install.lock gating and uses unsanitized user input in shell commands, enabling unauthenticated RCE. A PoC demonstrates a cra...

10CVSS6.2AI score0.00821EPSS
In wildExploits2References2
Rows per page
Query Builder