Lucene search
K

2117 matches found

Nuclei
Nuclei
added yesterday107 views

CData Sync < 23.4.8843 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...

8.6CVSS7AI score0.02885EPSS
Exploits0References2
NVD
NVD
added 2 days ago4 views

CVE-2026-48001

Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction...

3.7CVSS0.00569EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-48001 Adobe Commerce | Information Exposure (CWE-200)

Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction...

3.7CVSS0.00569EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-50371 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability

...

7CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-50371

CVE-2026-50371 affects Windows LUAFV (Windows LUAFV driver). The issue is a race condition due to concurrent access to a shared resource without proper synchronization, enabling an authorized local attacker to elevate privileges. Microsoft has released updates addressing this family of vulnerabil...

7CVSS6.1AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-61505

Vulnerability summary: Rejetto HFS versions 3.0.0–3.2.0 are affected by a path traversal via the lang parameter, allowing a remote, unauthenticated attacker to read certain JSON files outside shared folders. The impact is constrained to files matching a narrow naming/format pattern, with no indic...

6.9CVSS6.1AI score0.00452EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-57850

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS0.00334EPSS
Exploits0References4
OSV
OSV
added 6 days ago5 views

CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-43008

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
NVD
NVD
added last week8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 7:23 a.m.7 views

EUVD-2026-42536

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 5:16 a.m.11 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 3:48 a.m.32 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 5:16 p.m.10 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS0.00478EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 4:13 p.m.6 views

CVE-2026-40141 High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS6AI score0.00478EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.5 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS6AI score0.00478EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 4:13 p.m.21 views

CVE-2026-40141

CVE-2026-40141 affects the web application component of BeyondTrust Remote Support and Privileged Remote Access. The issue stems from insufficient validation of user-supplied input, which could allow an authenticated attacker with limited privileges to access resources or data beyond their author...

9.9CVSS6AI score0.00478EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-55953

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS6AI score0.00478EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 9:20 p.m.55 views

EUVD-2026-32710

Keycloak has privilege escalation via improper scope mapping enforcement...

7.3CVSS5.8AI score0.00292EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/07/01 9:12 p.m.39 views

CVE-2026-54263 Wagtail: Reflected XSS in dynamic image URL generator view

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...

7.3CVSS0.00203EPSS
Exploits0References1
Rows per page
Query Builder