Lucene search
K

32 matches found

NVD
NVD
added last week8 views

CVE-2026-24700

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

7.2CVSS0.0128EPSS
Exploits1References1
CVE
CVE
added 2026/07/08 12:0 a.m.7 views

CVE-2026-24700

Cisco CVE-2026-24700 affects the RC binary’s start_lltd() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The machine_name parameter is not properly sanitized, enabling OS command injection by an authenticated remote attacker with root privileges. Documented imp...

7.2CVSS6.2AI score0.0128EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/04/14 10:42 p.m.15 views

CVE-2026-33414

Summary: CVE-2026-33414 affects Podman

8.8CVSS6.1AI score0.00607EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/25 6:44 p.m.8 views

DRUPAL-CONTRIB-2026-012

This module allows site builders to create so-called "theme\rule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses simple GET request to disable or enable theme rules, which allows attackers to disable or...

4.3CVSS5.5AI score0.00098EPSS
Exploits0References1
Drupal
Drupal
added 2026/02/25 12:0 a.m.14 views

Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

This module allows site builders to create so-called "themerule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses simple GET request to disable or enable theme rules, which allows attackers to disable or enab...

4.3CVSS5.4AI score0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.17 views

PT-2026-22083

Name of the Vulnerable Software and Affected Versions Drupal Theme Negotiation by Rules versions prior to 1.2.1 Description A Cross-Site Request Forgery CSRF issue exists in the Theme Negotiation by Rules module. The module allows site builders to create “theme rule” config entities to render pag...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-11216

Malware in sbrugna...

6.1CVSS6.3AI score0.00675EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-1168

Malware in sbrugna...

4.3CVSS6.1AI score0.02399EPSS
Exploits0References7
OSV
OSV
added 2025/05/07 5:6 p.m.4 views

DRUPAL-CONTRIB-2025-047

The Restrict route by IP module provides an interface to manage route restriction by IP address. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability is mitigated by the fact that you need to know the route machine name...

8.8CVSS6.8AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2025/04/09 5:4 p.m.4 views

DRUPAL-CONTRIB-2025-033

Panels enables administrators to add page variants within page manager, panelizer, etc to create custom pages. The module doesn't sufficiently protect sensitive routes, allowing an attacker to view and modify blocks within variants without requiring appropriate permission. This vulnerability is...

6.5CVSS6.8AI score0.00361EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 5:38 p.m.7 views

DRUPAL-CONTRIB-2025-017

This module enables you to create super sets of configuration and enable them conditionally, for example have some modules installed only in some environments. The module does not use Cross Site Request Forgery CSRF tokens to protect routes for enabling or disabling a split. This vulnerability is...

6.8CVSS6.7AI score0.0018EPSS
Exploits0References1
OSV
OSV
added 2025/01/29 5:16 p.m.7 views

DRUPAL-CONTRIB-2025-012

This module enables you to integrate the site with the Google Tag Manager GTM application. The module doesn't sufficiently validate the enabling or disabling of a tag container. The routes involved are not protected against Cross Site Request Forgery CSRF. This vulnerability is mitigated by the...

6.8CVSS6.5AI score0.00167EPSS
Exploits0References1
Citrix
Citrix
added 2024/01/09 12:0 a.m.8 views

Inconsistent Display of Machine Names in Studio

Some machine names are displayed in lower case letters in the machine catalog, while all others are displayed in upper case letters. All machines have been created in the same way and were all added manually to the catalogue. The names are being displayed consistently in AD and the PVS console...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2019/11/18 12:0 a.m.13 views

SYS.2.2.3.A18

Ziel des Bausteins SYS.2.2.3 ist der Schutz von Informationen, die durch und auf Windows 10-Clients verarbeiten werden. Die Standard-Anforderung SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

7.3AI score
Exploits0References1
Prion
Prion
added 2019/05/02 7:29 p.m.14 views

Buffer overflow

DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name...

5CVSS7.6AI score0.20587EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2019/05/02 7:29 p.m.6 views

CVE-2019-9017

DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name...

7.5CVSS7.2AI score0.20587EPSS
Exploits5References3
Positive Technologies
Positive Technologies
added 2019/05/02 12:0 a.m.5 views

PT-2019-19312 · Solarwinds · Solarwinds Dameware Mini Remote Control

Name of the Vulnerable Software and Affected Versions: SolarWinds DameWare Mini Remote Control version 10.0 Description: The issue is related to a Buffer Overflow in the DWRCC component of SolarWinds DameWare Mini Remote Control, specifically associated with the size field for the machine name...

7.5CVSS7.3AI score0.20587EPSS
Exploits5References4
CNVD
CNVD
added 2018/12/04 12:0 a.m.3 views

i4 assistant cross-site scripting vulnerability

i4 assistant is a specialized management tool for Apple mobile devices from China for Aipu Information Technology Company. A cross-site scripting vulnerability exists in i4 assistant version 7.85. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via th...

6.1CVSS5.6AI score0.00675EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/11/29 11:29 p.m.1 views

CVE-2018-19527

i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings...

6.1CVSS5.3AI score0.00675EPSS
Exploits1References2
OSV
OSV
added 2018/11/29 11:29 p.m.5 views

CVE-2018-19527

i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings...

6.1CVSS5.8AI score0.00675EPSS
Exploits1References1
Rows per page
Query Builder