Lucene search
K

22525 matches found

Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS
Exploits0References1
Nuclei
Nuclei
added 16 hours ago9 views

Mitel 6000 - OS Command Injection

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...

6.5CVSS7.1AI score0.47629EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago18 views

Milvus - Unauthenticated Metrics API Access

Milvus 2.5.27 and 2.6.10 contains an authentication bypass caused by weak default token and unauthenticated REST API on TCP port 9091, letting attackers perform arbitrary expression evaluation and data manipulation, exploit requires network access to port 9091. id: CVE-2026-26190 info: name: Milv...

9.8CVSS6.2AI score0.34346EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago21 views

Apache OFBiz - XML External Entity Injection

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

7.5CVSS7AI score0.1591EPSS
Exploits0References2
Zero Science Lab
Zero Science Lab
added 23 hours ago25 views

SIP Sustainable Irrigation Platform 5.x (cv) Settings Mass Assignment

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.8CVSS6.1AI score
Exploits2
NVD
NVD
added yesterday4 views

CVE-2026-22095

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.00976EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-22103

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.0131EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-22096

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-22103 Command injection in NPC start web endpoint

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.0131EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-22103

CVE-2026-22103 : The NPC start endpoint on the web server listening at port 8090 is vulnerable to command injection. The public CVSS v4.0 metrics indicate a base score of 9.3 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction. Impacts are...

9.3CVSS6.1AI score0.0131EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-22096 Missing authentication for webserver endpoints

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-22096

CVE-2026-22096 concerns a webserver running on port 8090 that does not require authentication, enabling sensitive information leakage (e.g., configured passwords) and file uploads via multiple endpoints. The Connected documents provide the same description across NVD and CVE records, with no vend...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-22095 Command injection in diagnosis web endpoint

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.00976EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-22095

The CVE-2026-22095 entry describes a command injection vulnerability in the network diagnosis endpoint of a web server listening on port 8090. Details from connected sources confirm the affected component is the diagnosis endpoint (web server) and that exploitation would allow command execution w...

9.3CVSS6.1AI score0.00976EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday97 views

OsTicket < 1.14.3 - Server Side Request Forgery

SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...

9.8CVSS7AI score0.73267EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57672

Name of the Vulnerable Software and Affected Versions EVbee DC-80 affected versions not specified Description The built-in web server running on port 8090 lacks authentication. This flaw allows unauthorized access to sensitive information, including configured passwords and stored credentials, an...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-10666

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS0.00346EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References6
CVE
CVE
added 2 days ago21 views

CVE-2026-10666

CVE-2026-10666 affects Zephyr’s net_ipaddr_parse() path (IPv4 address-with-port parsing via net_ipaddr_parse() in subsys/net/ip/utils.c). The bug stems from parse_ipv4() copying the port suffix into a fixed 17-byte buffer without validating port length, using a length derived from an unbounded in...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References3
Rows per page
Query Builder