Lucene search
+L

601 matches found

nvd
nvd
added 3 days ago6 views

CVE-2026-60114

Sustainable Irrigation Platform SIP through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths...

8.7CVSS0.00303EPSS
Exploits2References2
nvd
nvd
added 3 days ago6 views

CVE-2026-58478

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
nvd
nvd
added 3 days ago6 views

CVE-2026-58475

Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...

6.1CVSS0.00214EPSS
Exploits2References2
cve
cve
added 3 days ago3 views

CVE-2026-58479

CVE-2026-58479 affects Sustainable Irrigation Platform (SIP) 5.x, specifically via the optional cli_control plugin. The vulnerability enables remote code execution (RCE) by storing a malicious payload through the plugin’s HTTP endpoint and then activating the associated irrigation station. The ro...

9.8CVSS6.3AI score0.05173EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 3 days ago29 views

CVE-2026-58478 Sustainable Irrigation Platform 5.2.16 SSRF via Node-RED Callback URL

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
cve
cve
added 3 days ago4 views

CVE-2026-58477

SIP (Sustainable Irrigation Platform) up to version 5.2.16 contains a mass assignment flaw where the value-setting interface copies every HTTP parameter into internal settings without whitelisting. This enables unauthenticated attackers to overwrite sensitive configuration such as the passphrase ...

8.8CVSS6.1AI score0.00357EPSS
Exploits2References2Affected Software1
cve
cve
added 3 days ago4 views

CVE-2026-60114

SIP 5.x (up to 5.2.16) contains a path traversal flaw in the Backup/Restore function. Unvalidated keys in the JSON backup enable attackers with restore access to craft file paths and write JSON files outside the data directory. The issue is worse when the optional passphrase is not enabled (facto...

8.7CVSS6.2AI score0.00303EPSS
Exploits2References2Affected Software1
cve
cve
added 3 days ago9 views

CVE-2026-58475

CVE-2026-58475 affects Sustainable Irrigation Platform (SIP) v5.2.16, where an attacker can store arbitrary JavaScript in program names via HTTP requests due to lack of output encoding. This stored XSS can render in browsers of any user viewing affected pages. Exploitation details from the ZerOSc...

6.1CVSS6.3AI score0.00214EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 3 days ago28 views

CVE-2026-58475 Sustainable Irrigation Platform 5.2.16 Stored XSS via Program Name

Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...

6.1CVSS0.00214EPSS
Exploits2References2
zeroscience
zeroscience
added 3 days ago31 views

SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

6.5CVSS6.2AI score0.00261EPSS
Exploits2
zeroscience
zeroscience
added 3 days ago33 views

SIP Sustainable Irrigation Platform 5.x (cv) Settings Mass Assignment

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.8CVSS6.1AI score0.00357EPSS
Exploits2
zeroscience
zeroscience
added 3 days ago33 views

SIP Sustainable Irrigation Platform 5.x Path Traversal in Backup/Restore

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.7CVSS6.1AI score0.00303EPSS
Exploits2
zeroscience
zeroscience
added 3 days ago32 views

SIP Sustainable Irrigation Platform 5.x CSRF Disable Passphrase Authorization

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.1CVSS6.1AI score0.00228EPSS
Exploits2
zeroscience
zeroscience
added 3 days ago29 views

SIP Sustainable Irrigation Platform 5.x Stored XSS

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

6.1CVSS6.3AI score0.00214EPSS
Exploits2
zeroscience
zeroscience
added 3 days ago34 views

SIP Sustainable Irrigation Platform 5.x (cli_control) Remote Code Execution

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

9.8CVSS6.1AI score0.05173EPSS
Exploits2
osv
osv
added 4 days ago3 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References5
nvd
nvd
added 2026/07/02 10:16 a.m.10 views

CVE-2026-8482

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS0.00212EPSS
Exploits0References1
euvd
euvd
added 2026/07/02 8:42 a.m.8 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/02 8:42 a.m.44 views

CVE-2026-8482 Information leak in NSRPC client history

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS0.00212EPSS
Exploits0References1
nvd
nvd
added 2026/06/23 9:16 p.m.8 views

CVE-2026-11819

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS0.00122EPSS
Exploits0References3
Rows per page
Query Builder