Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Cvelist
Cvelistadded 2026/04/14 11:21 p.m.15 views

CVE-2026-39842 OpenRemote is Vulnerable to Expression Injection

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

9.9CVSS0.00081EPSS
Exploits2References2
ATTACKERKB
ATTACKERKBadded 2026/04/14 11:21 p.m.1 views

CVE-2026-39842

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

9.9CVSS6.7AI score0.00081EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.4 views

PT-2026-32964

Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...

9.9CVSS6.5AI score0.00081EPSS
Exploits2References6
RedhatCVE
RedhatCVEadded 2026/04/07 11:1 p.m.1 views

CVE-2026-35175

Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...

7.2CVSS5.9AI score0.00023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/06 5:51 p.m.0 views

CVE-2026-35175

Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...

7.2CVSS5.9AI score0.00023EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/06 5:51 p.m.0 views

CVE-2026-35175 Ajenti has an authorization bypass during custom package installation

Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...

7.2CVSS5.9AI score0.00023EPSS
Exploits0References2
OSV
OSVadded 2026/04/03 3:57 a.m.0 views

GHSA-73JV-44C3-J5P2 Ajenti has an authorization bypass during custom package installation

Impact An authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible...

7.2CVSS5.9AI score0.00023EPSS
Exploits0References4
Cvelist
Cvelistadded 2019/06/20 1:43 p.m.12 views

CVE-2019-6961

Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations intended only for the network operator by sending an HTTP POST to the PHP backend, because the page filtering for...

6.5AI score0.00212EPSS
Exploits0References1
Rows per page
Query Builder