Lucene search
+L

32 matches found

cve
cve
added yesterday5 views

CVE-2026-52890

CVE-2026-52890 affects Wekan (open-source Kanban, Meteor-based) before version 9.31. A logged-in board member can insert an attachment via the DDP /attachments/insert method using attacker-controlled versions.original.path and versions.original.storage. The insert rule checks only board write acc...

7.1CVSS6.2AI score0.00074EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/06/11 12:0 a.m.20 views

Perry 路径遍历漏洞

Perry is a tool developed by Perry OpenSource that compiles TypeScript into native executable files. Versions of Perry prior to 0.5.1159 contained a path traversal vulnerability. This vulnerability allows malicious attackers to write arbitrary content to any writable location within the running...

8.6CVSS5.4AI score0.00379EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/02 12:0 a.m.16 views

openshift Red Hat OpenShift Container Platform 4 配置错误漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Corporation that helps enterprises develop, deploy, and manage container-based applications across physical, virtual, and public cloud infrastructures. There is a security vulnerability in Red Hat OpenShift Container Platform...

8.8CVSS5.9AI score0.0015EPSS
Exploits0References5
euvd
euvd
added 2026/04/26 1:19 p.m.5 views

EUVD-2018-21803

iSmartViewPro 1.5 contains a structured exception handling SEH buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to...

8.6CVSS6.1AI score0.00147EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/26 1:19 p.m.29 views

CVE-2018-25283 iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter

iSmartViewPro 1.5 contains a structured exception handling SEH buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to...

8.6CVSS0.00147EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/04/26 12:0 a.m.5 views

PT-2026-35253

iSmartViewPro 1.5 contains a structured exception handling SEH buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to...

8.6CVSS6AI score0.00147EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/26 12:0 a.m.11 views

Smarteye iSmartViewPro 安全漏洞

Smarteye iSmartViewPro is a remote monitoring application for webcams developed by Smarteye Company in China. Version 1.5 of Smarteye iSmartViewPro contains a security vulnerability. This vulnerability stems from an improper handling of structured data in the “Save Path for Snapshot and Record”...

8.6CVSS6AI score0.00147EPSS
Exploits0References1
euvd
euvd
added 2026/04/12 3:30 p.m.7 views

EUVD-2019-20126

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

8.6CVSS6.4AI score0.00156EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/12 12:28 p.m.29 views

CVE-2019-25691 Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

8.6CVSS0.00156EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/04/12 12:0 a.m.9 views

PT-2026-32160

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

8.6CVSS6.4AI score0.00156EPSS
Exploits0References4
cve
cve
added 2026/03/22 1:38 p.m.8 views

CVE-2019-25618

AdminExpress 1.2.5 is affected by a local-denial-of-service in the System Compare feature. An attacker can submit oversized input in the Folder Path field, sending a large buffer of characters to trigger the comparison function and cause the application to become unresponsive or crash. This is a ...

6.9CVSS6AI score0.00126EPSS
Exploits0References3
veracode
veracode
added 2026/02/10 1:21 p.m.8 views

Arbitrary Code Execution

ingress-nginx is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization of the rules.http.paths.path Ingress field, where attacker-controlled values can inject arbitrary NGINX configuration, enabling execution of commands in the ingress-nginx controller context...

8.8CVSS6AI score0.00501EPSS
Exploits1References3Affected Software2
github
github
added 2026/02/04 12:30 a.m.9 views

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx. Tthe rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...

8.8CVSS6.3AI score0.00501EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2026/02/03 11:16 p.m.20 views

CVE-2026-24512

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

8.8CVSS0.00501EPSS
Exploits1References1
snyk
snyk
added 2026/02/03 10:54 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the rules.http.paths.path field, which allows injection of configuration into the nginx process. An attacker can execute arbitrary code and access sensitive Secrets by crafting malicious input to this field...

8.8CVSS6.1AI score0.00501EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-4829

Malicious code in bioql PyPI...

8.1CVSS8AI score0.011EPSS
Exploits0References8
nessus
nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-25706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in...

6.1CVSS6.8AI score0.02783EPSS
Exploits1References2
susecve
susecve
added 2023/02/15 5:32 a.m.3 views

SUSE CVE-2014-0474

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

10CVSS7.2AI score0.04753EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 3:53 a.m.3 views

SUSE CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

6.1CVSS7AI score0.02783EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 3:44 a.m.4 views

SUSE CVE-2021-25745

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

7.6CVSS8AI score0.011EPSS
Exploits0References3
Rows per page
Query Builder