Lucene search
K

1911 matches found

CVE
CVE
added 2026/05/12 6:37 p.m.17 views

CVE-2026-23822

CVE-2026-23822 affects the XML handling component of AOS-8 DHCP services on Access Points running AOS Instant 8.x.x.x. The vulnerability allows an unauthenticated remote attacker to trigger a denial-of-service by causing excessive resource consumption after user interaction. The CVSS vector indic...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 6:37 p.m.31 views

CVE-2026-23822 Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

5.3CVSS0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 6:34 p.m.34 views

CVE-2026-23820 Inconsistent input filtering allows Authenticated Command Injection in AOS-8 Instant and AOS-10 CLI

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlyin...

7.2CVSS0.00555EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40339

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruptio...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

WordPress plugin Slek Gateway for WooCommerce 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/04/29 10:52 a.m.11 views

Scam-checking just got a lot easier: Malwarebytes is now in Claude

For years, Malwarebytes has protected people by going where they are, and where people are today is increasingly within AI tools. As these chatbots tackle more everyday questions—like what to wear for an interview, how to replace a pendant light in the home, and where to eat during upcoming...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.7 views

CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

6.5CVSS6.3AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 12:31 p.m.4 views

EUVD-2026-22248

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

9CVSS5.8AI score0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:7 p.m.30 views

CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

7.4CVSS0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 12:7 p.m.3 views

CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

7.4CVSS5.8AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 11:56 a.m.8 views

CVE-2026-2449

CVE-2026-2449 affects upKeeper Instant Privilege Access (upKeeper Solutions) up to version 1.5.0. The issue is described as improper neutralization of argument delimiters in a command (argument injection) vulnerability, enabling hijacking of a privileged thread of execution. CVSS4 base score is 9...

9CVSS5.8AI score0.00329EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 11:56 a.m.5 views

CVE-2026-2449

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

9CVSS5.8AI score0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 11:56 a.m.32 views

CVE-2026-2449

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

9CVSS0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32620

Name of the Vulnerable Software and Affected Versions upKeeper Instant Privilege Access versions prior to 1.5.0 Description Improper neutralization of argument delimiters in a command, known as argument injection, allows low-privilege users to hijack a privileged thread of execution. This can lea...

9CVSS5.8AI score0.00329EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

upKeeper Instant Privilege Access 安全漏洞

UpKeeper Instant Privilege Access is a privilege management system developed by the Swedish company UpKeeper. Versions of UpKeeper Instant Privilege Access prior to 1.5.0 contained security vulnerabilities. These vulnerabilities were caused by improper parameter separators in commands, which coul...

9CVSS5.9AI score0.00329EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

upKeeper Instant Privilege Access 安全漏洞

UpKeeper Instant Privilege Access is a privilege management system developed by the Swedish company UpKeeper. Versions of UpKeeper Instant Privilege Access prior to 1.5.0 contained security vulnerabilities. These vulnerabilities were due to improper use of simulations in .NET, which could lead to...

7.4CVSS5.9AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.6 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/08 12:8 a.m.10 views

WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php

Summary The PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions. The newer ipnV2.php and webhook.php handlers correctly deduplicate...

6.5CVSS6.1AI score0.0017EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:21 p.m.2 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References3Affected Software1
Schneier on Security
Schneier on Security
added 2026/04/07 5:7 p.m.8 views

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand--a spreadsheet, for...

5.9AI score
Exploits0
Rows per page
Query Builder