
161008 matches found

Nuclei
added 5 days ago | 152 views

Cisco IOS HTTP Configuration - Authentication Bypass

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. id: CVE-2001-0537 info: name: Cisco IOS HTTP Configuration - Authentication Bypass author:...

9.3 CVSS | 6 AI score | 0.6845 EPSS
Exploits: 8 | References: 5

Nuclei
added 5 days ago | 453 views

FUEL CMS 1.4.1 - Remote Code Execution

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. id: CVE-2018-16763 info: name: FUEL CMS 1.4.1 - Remote Code Execution author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/...

9.8 CVSS | 7.4 AI score | 0.82937 EPSS
Exploits: 17 | References: 5

Nuclei
added 5 days ago | 126 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8 CVSS | 7.9 AI score | 0.75088 EPSS
Exploits: 0 | References: 5

Nuclei
added 5 days ago | 86 views

EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution

EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655,...

9.8 CVSS | 7.8 AI score | 0.91874 EPSS
Exploits: 13 | References: 5

Nuclei
added 5 days ago | 129 views

Dahua Smart Park Management - Arbitrary File Upload

Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations, resource allocation, and intelligence services, and other functions, including /emap/devicePointaddImgIco?. id: CVE-2023-3836 info: name: Dahua Smart Park Management - Arbitrary File Upload...

9.8 CVSS | 6.7 AI score | 0.73525 EPSS
Exploits: 2 | References: 5

Nuclei
added 5 days ago | 55 views

Altenergy Power Control Software C1.2.5 - Remote Command Injection

Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/settimezone parameter, because of settimezone in models/managementmodel.php. An attacker can potentially obtain sensitive information, modify data, and/or execut...

9.8 CVSS | 7.4 AI score | 0.85332 EPSS
Exploits: 5 | References: 5

Nuclei
added 5 days ago | 51 views

GeoServer WPS - Server Side Request Forgery

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

9.8 CVSS | 7.2 AI score | 0.67715 EPSS
Exploits: 0 | References: 4

Nuclei
added 5 days ago | 26 views

Yaws 1.91 - Local File Inclusion

Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. id: CVE-2017-10974 info: name: Yaws 1.91 - Local File Inclusion author: 0xAkoko severity: high description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. impact: |...

7.5 CVSS | 7.1 AI score | 0.81028 EPSS
Exploits: 5 | References: 5

Nuclei
added 5 days ago | 17 views

Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution

Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...

9.8 CVSS | 8.1 AI score | 0.72782 EPSS
Exploits: 8 | References: 5

Nuclei
added 5 days ago | 163 views

CraftCMS - Remote Code Execution

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

10 CVSS | 7.9 AI score | 0.99803 EPSS
Exploits: 14 | References: 5

NVD
added 5 days ago | 8 views

CVE-2026-12411

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

8.4 CVSS | 0.00108 EPSS
Exploits: 0 | References: 2

EUVD
added 5 days ago | 8 views

EUVD-2026-39788

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

8.4 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits: 0 | References: 2

Cvelist
added 5 days ago | 36 views

CVE-2026-12411 Broken Access Control in Canonical LXD DevLXD API

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

8.4 CVSS | 0.00108 EPSS
Exploits: 0 | References: 2

CVE
added 5 days ago | 11 views

CVE-2026-12411

CVE-2026-12411: Affects Canonical LXD (devLXDInstancePatchHandler). A crafted device PATCH to /dev/lxd, when security.devlxd.management.volumes is enabled, can allow a local untrusted guest to mount, read, and overwrite another guest’s custom storage volume. CVSSv3.1 base score 8.4 (HIGH); confi...

8.4 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits: 0 | References: 2

OSV
added 5 days ago | 4 views

ROOT-APP-NPM-GHSA-67MH-4WV8-2F99 GHSA-67mh-4wv8-2f99 in @rootio/esbuild - Patched by Root

Root has patched GHSA-67mh-4wv8-2f99 in the @rootio/esbuild package for Root:npm. Multiple fixed versions available...

5.3 CVSS | 5.8 AI score
Exploits: 0

OSV
added 5 days ago | 21 views

ROOT-APP-NPM-GHSA-R4Q5-VMMM-2653 GHSA-r4q5-vmmm-2653 in @rootio/follow-redirects - Patched by Root

Root has patched GHSA-r4q5-vmmm-2653 in the @rootio/follow-redirects package for Root:npm. Multiple fixed versions available...

5.8 AI score
Exploits: 0

OSV
added 5 days ago | 5 views

RHSA-2026:29902 Red Hat Security Advisory: libpng security update

Bulletin has no description...

7.5 CVSS | 5.7 AI score | 0.01052 EPSS
Exploits: 1 | References: 13

OSV
added 5 days ago | 4 views

ROOT-APP-NPM-CVE-2026-2739 CVE-2026-2739 in @rootio/bn.js - Patched by Root

Root has patched CVE-2026-2739 in the @rootio/bn.js package for Root:npm. Multiple fixed versions available...

5.3 CVSS | 5.8 AI score | 0.00467 EPSS
Exploits: 0

OSV
added 5 days ago | 9 views

ROOT-APP-NPM-CVE-2026-27903 CVE-2026-27903 in @rootio/minimatch - Patched by Root

Root has patched CVE-2026-27903 in the @rootio/minimatch package for Root:npm. Multiple fixed versions available...

7.5 CVSS | 5.9 AI score | 0.00517 EPSS
Exploits: 1

OSV
added 5 days ago | 5 views

ROOT-APP-NPM-CVE-2026-27904 CVE-2026-27904 in @rootio/minimatch - Patched by Root

Root has patched CVE-2026-27904 in the @rootio/minimatch package for Root:npm. Multiple fixed versions available...

7.5 CVSS | 5.9 AI score | 0.00472 EPSS
Exploits: 1