Lucene search
+L

127 matches found

osv
osv
added last week4 views

UBUNTU-CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS6.2AI score0.00677EPSS
Exploits1References6
osv
osv
added 2026/07/09 11:40 p.m.2 views

CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS6.1AI score0.00461EPSS
Exploits0References4
redhat
redhat
added 2026/07/07 9:54 a.m.5 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 6:48 p.m.14 views

CVE-2024-56462

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system...

8.8CVSS5.5AI score0.00463EPSS
Exploits0References1
nvd
nvd
added 2026/06/01 11:16 p.m.15 views

CVE-2019-25718

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...

8.6CVSS0.00118EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/01 9:41 p.m.30 views

CVE-2019-25718 Dräger Infinity Explorer C700 Privilege Escalation via Kiosk Mode Bypass

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...

8.6CVSS0.00118EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/01 9:41 p.m.6 views

CVE-2019-25718

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...

8.6CVSS5.8AI score0.00118EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/01 9:41 p.m.10 views

CVE-2019-25718 Dräger Infinity Explorer C700 Privilege Escalation via Kiosk Mode Bypass

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...

8.6CVSS5.8AI score0.00118EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.10 views

Dräger Infinity Explorer C700 安全漏洞

The Dräger Infinity Explorer C700 is an integrated medical-grade monitoring workstation component developed by the German company Dräger. The Dräger Infinity Explorer C700 has a security vulnerability that stems from privilege escalation. This vulnerability could allow attackers to break through...

8.6CVSS5.3AI score0.00118EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/27 1:50 p.m.14 views

CVE-2024-56462 IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system...

7.2CVSS5.8AI score0.00463EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.20 views

PT-2026-43685

Name of the Vulnerable Software and Affected Versions IBM QRadar versions 7.5.0 through 7.5.0 UP15 Interim Fix 002 Description A privileged user can upload a malicious backup archive. When this archive is restored, it can be used to gain unauthorized access to the underlying operating system...

8.8CVSS5.4AI score0.00463EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/15 4:3 p.m.6 views

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.2AI score0.06381EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2026/04/14 3:30 p.m.8 views

EUVD-2025-209437

A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...

8.2CVSS5.9AI score0.00326EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/14 1:12 p.m.3 views

CVE-2025-7389 Unauthorized Arbitrary File Read via RMI in AdminServer Interface

A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...

8.2CVSS5.9AI score0.00326EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/14 12:0 a.m.9 views

PT-2026-32624

A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...

8.2CVSS5.9AI score0.00326EPSS
Exploits0References3
ossf
ossf
added 2026/03/24 9:8 a.m.6 views

Malicious code in @wame/ngx-frf-utilities (npm)

Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...

5.9AI score
Exploits0References1
osv
osv
added 2026/03/24 9:8 a.m.4 views

MAL-2026-2412 Malicious code in @wame/ngx-frf-utilities (npm)

Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...

5.8AI score
Exploits0References1
redhatcve
redhatcve
added 2026/03/05 7:31 p.m.5 views

CVE-2026-20016

A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attack...

6CVSS6.2AI score0.00334EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/17 7:19 p.m.9 views

CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized...

10CVSS5.8AI score0.13122EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/01/07 9:31 a.m.7 views

CVE-2019-16300

An issue was discovered in Open Network Operating System ONOS 1.14. In the access control application org.onosproject.acl, the host event listener does not handle the following event types: HOSTREMOVED. In combination with other applications, this could lead to the absence of intended code...

7.5CVSS7.1AI score0.02004EPSS
Exploits0References1
Rows per page
Query Builder