Lucene search
+L

2311 matches found

CVE
CVE
added 2026/05/21 1:2 p.m.31 views

CVE-2025-71211

CVE-2025-71211 concerns Trend Micro Apex One Console; a directory traversal vulnerability enables remote code execution on affected installations. The ZDI advisory notes that the Apex One Console, listening on ports 8080 and 4343, allows remote attackers to execute arbitrary code without authenti...

9.8CVSS7.6AI score0.03754EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/21 1:1 p.m.35 views

CVE-2025-71210

CVE-2025-71210 affects the Trend Micro Apex One management console. The connected sources describe a path traversal vulnerability in the console that could allow a remote attacker to upload and execute code, with exploitation possible when an attacker has access to the console. Affected products ...

9.8CVSS7.6AI score0.03811EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 1:1 p.m.12 views

CVE-2025-71210

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

9.8CVSS7.7AI score0.03811EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 1:1 p.m.12 views

EUVD-2025-209909

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

9.8CVSS7.7AI score0.03811EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 1:1 p.m.54 views

CVE-2025-71210

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

9.8CVSS0.03811EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 1:1 p.m.10 views

CVE-2025-71210

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

9.8CVSS7.7AI score0.03811EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Trend Micro Apex One 路径遍历漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a path traversal vulnerability, which originates from the management console. This vulnerability could allow remote attackers to upload malicious code and execute commands...

9.8CVSS7.6AI score0.03754EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.14 views

Trend Micro Apex One 路径遍历漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a path traversal vulnerability, which originates from the management console. This vulnerability could allow remote attackers to upload malicious code and execute commands...

9.8CVSS7.6AI score0.03811EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.14 views

PgBouncer 安全漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to version 1.25.2, PgBouncer had a security vulnerability. This vulnerability stemmed from insufficient authorization checks for the KILLCLIENT management command. As long as users...

4.3CVSS5.9AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 10:16 p.m.17 views

CVE-2026-8106

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...

6.1CVSS0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 9:18 p.m.14 views

CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...

5.9CVSS5.8AI score0.00164EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 9:18 p.m.7 views

CVE-2026-8106

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...

5.9CVSS5.8AI score0.00164EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/07 9:18 p.m.46 views

CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...

5.9CVSS0.00164EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 9:18 p.m.29 views

CVE-2026-8106

CVE-2026-8106 describes a reflected HTML injection in the GitHub Enterprise Server Management Console login page. The vulnerability lies in the redirect_to query parameter on the /setup/unlock endpoint, which is reflected into an HTML attribute without proper sanitization. An attacker could entic...

6.1CVSS5.8AI score0.00164EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38595

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.19.1 through 3.19.5 GitHub Enterprise Server versions 3.20.0 through 3.20.1 Description A reflected HTML injection issue exists in the Management Console login page. The redirect to query parameter on the...

5.9CVSS5.8AI score0.00164EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.137 views

📄 Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation

This Metasploit local Windows exploit module abuses the way Microsoft Management Console MMC processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...

7CVSS8.2AI score0.31894EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/04/23 2:25 a.m.123 views

hospital-waf-mcp

Hospital WAF Management System Release: v1.0.0 Languag...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/04/22 11:30 p.m.34 views

CVE-2026-5935 TSSC/IMC is vulnerable to OS Command Injection

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

7.3CVSS0.0034EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 12:31 a.m.8 views

EUVD-2026-24547

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS6AI score0.00014EPSS
Exploits0References8
NVD
NVD
added 2026/04/21 11:16 p.m.15 views

CVE-2026-4821

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error...

0.00014EPSS
Exploits0
Rows per page
Query Builder