Lucene search
K

13 matches found

Debian CVE
Debian CVE
added last week4 views

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.2AI score0.00197EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:48 a.m.7 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS5.9AI score0.00153EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/27 12:0 a.m.3 views

OPENSUSE-SU-2026:11130-1 calibre-9.10.0-1.1 on GA media

These are all security issues fixed in the calibre-9.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

8.5CVSS5.8AI score0.00197EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/12/13 12:27 a.m.4 views

SUSE CVE-2025-13780

pgAdmin versions up to 9.10 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

9.1CVSS7.5AI score0.00866EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.8 views

pgAdmin < 9.10 Multiple Vulnerabilities

The version of pgAdmin installed on the remote host is prior to 9.10. It is, therefore, affected by the following vulnerabilities: - pgAdmin versions prior to 9.10 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from...

9.8CVSS6.4AI score0.12384EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/19 4:16 a.m.3 views

CVE-2025-52457

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

5.7CVSS6.6AI score0.0013EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/13 1:43 p.m.1 views

Improper Certificate Validation

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Improper Certificate Validation via the TLS certificate verification bypass. An attacker can gain unauthorized access by exploiting improper TLS certificate verification during authentication. Remediation...

8.7CVSS6.7AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/24 4:9 a.m.9 views

CVE-2025-48428

Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...

6.7CVSS6.7AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/23 3:39 a.m.5 views

EUVD-2025-35647

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...

5.5CVSS6.5AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.4 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.5.x through 9.5.7 and 9.10.x through 9.10.0, which stems from a failure to properly implement privilege controls, resulting in the ability to...

2.7CVSS4.4AI score0.0039EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.12 views

jackson-databind: Lacks certain xbean-reflect/JNDI blocking

A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...

9.8CVSS7.1AI score0.26587EPSS
Exploits5References4
OSV
OSV
added 2019/01/16 8:29 p.m.4 views

ALPINE-CVE-2017-3138

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of name...

5.3CVSS7.2AI score0.05478EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/05/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2008-1244

cgi-bin/setupdns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns11, dns12, dns13, and dns14 parameters. NOTE: it was later reported...

10CVSS5.8AI score0.04896EPSS
Exploits2References1
Rows per page
Query Builder