Lucene search

11 matches found

ATTACKERKB
added 13 hours ago, 2 views

CVE-2026-57269

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS 8.3, AI score 5.8
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2026/06/15 9:17 p.m., 7 views

CVE-2026-48124

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

CVSS 8.5, EPSS 0.00144
Exploits: 0, References: 1
EUVD
added 2026/06/15 7:56 p.m., 14 views

EUVD-2026-37002

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

CVSS 8.5, AI score 5.5, EPSS 0.00144
Exploits: 0, References: 1
Positive Technologies
added 2026/06/15 12:0 a.m., 17 views

PT-2026-49469

Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 3.0.0. Description: Cursor Desktop allows the execution of workspace-defined Claude hook commands located in .claude/settings.local.json without requiring explicit user approval. A malicious workspace or a file created b...

CVSS 8.5, AI score 6.1, EPSS 0.00144
Exploits: 0, References: 3
RedhatCVE
added 2026/05/28 9:13 p.m., 14 views

CVE-2025-71303

A flaw was found in the Linux kernel. Specifically, within the accel/amdxdna component, a timing issue, known as a race condition, exists during device power management. A local application could submit commands while the device is in an inconsistent state due to an incomplete resume operation...

CVSS 4.7, AI score 5.8, EPSS 0.00102
Exploits: 0, References: 4
CVE
added 2026/05/27 2:29 p.m., 19 views

CVE-2026-42184

Tauri versions 2.0–2.11.0 contain an Origin Confusion flaw in is_local_url() on Windows and Android. The code checks only the first subdomain of the URL, mapping custom URI schemes to http://.localhost/ due to WebView limitations. An attacker can host a page whose subdomain matches the app’s regi...

CVSS 8.8, AI score 5.8, EPSS 0.00312
Exploits: 1, References: 1, Affected Software: 1
RedhatCVE
added 2026/04/23 7:12 p.m., 5 views

CVE-2026-41179

A flaw was found in Rclone, a command-line program for syncing files with cloud storage. An unauthenticated attacker can exploit an exposed Remote Control (RC) endpoint, operations/fsinfo, to instantiate a malicious backend. This allows the attacker to execute arbitrary local commands during backen...

CVSS 9.8, AI score 6.2, EPSS 0.09199
Exploits: 2, References: 7
Prion
added 2021/04/07 4:15 p.m., 17 views

Server-side request forgery (SSRF)

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports and local network hosts and execute commands on local services...

CVSS 7.5, AI score 8.2, EPSS 0.01155
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2020/02/07 3:15 p.m., 13 views

CVE-2020-8126

A privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15)...

CVSS 7.8, AI score 8, EPSS 0.00517
Exploits: 0, References: 1
Prion
added 2020/02/07 3:15 p.m., 20 views

Privilege escalation

A privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15)...

CVSS 7.2, AI score 8, EPSS 0.00517
Exploits: 0, References: 1, Affected Software: 1
Zero Day Initiative
added 2010/05/06 12:0 a.m., 41 views

HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Mercury LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. A specially crafted...

CVSS 10, AI score 6.1, EPSS 0.78962
Exploits: 5, References: 1