Lucene search
+L

11714 matches found

nuclei
nuclei
added 8 hours ago92 views

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

9.8CVSS6.9AI score0.13425EPSS
Exploits1References5
nuclei
nuclei
added 8 hours ago53 views

Eaton Intelligent Power Manager 1.6 - Directory Traversal

Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...

9.8CVSS7.1AI score0.17313EPSS
Exploits2References5
nvd
nvd
added yesterday6 views

CVE-2026-40633

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

7.8CVSS
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-58647

Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...

8CVSS0.00538EPSS
Exploits0References1
cve
cve
added 2 days ago11 views

CVE-2026-58647

CVE-2026-58647 affects Microsoft Power BI Power BI Report Server. The issue is an improper neutralization of input during web page generation, enabling cross-site scripting. Attackers must be authorized, require user interaction, and can exploit over the network to perform spoofing with high impa...

8CVSS6.1AI score0.00538EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago24 views

CVE-2026-58647 Microsoft PowerBI Report Server Spoofing Vulnerability

...

8CVSS0.00538EPSS
Exploits0References1
cve
cve
added 2 days ago6 views

CVE-2026-12659

The CVE-2026-12659 issue affects Rockwell Automation’s Flex 5000® Adapter. It is a denial-of-service vulnerability caused by improper handling of exceptional conditions when processing crafted CIP packets sent to the adapter. The impact is a loss of availability in the affected module and I/O, wi...

8.7CVSS6.1AI score0.00253EPSS
Exploits0References1
cve
cve
added 2 days ago6 views

CVE-2026-9140

CVE-2026-9140 describes a denial-of-service in 1719-AENTR devices caused by improper handling of a UDP unicast network storm, leading to device overload and loss of communication. Recovery requires a power cycle. The CVSS 4.0 score is 8.7 (HIGH); attack vector is NETWORK with no privileges or use...

8.7CVSS6.1AI score0.00253EPSS
Exploits0References1
mscve
mscve
added 2 days ago4 views

Microsoft PowerBI Report Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...

8CVSS6.1AI score0.00538EPSS
Exploits0
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-58285

Name of the Vulnerable Software and Affected Versions Power BI Report Server versions prior to 15.0.1121.120 Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a technique where malicious scripts are injected into trusted websites. This allo...

8CVSS6AI score0.00538EPSS
Exploits0References3
nuclei
nuclei
added 3 days ago80 views

Altenergy Power Control Software C1.2.5 - Remote Command Injection

Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/settimezone parameter, because of settimezone in models/managementmodel.php. An attacker can potentially obtain sensitive information, modify data, and/or execut...

9.8CVSS7.1AI score0.85332EPSS
Exploits5References5
nvd
nvd
added 4 days ago8 views

CVE-2026-10664

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS0.00143EPSS
Exploits0References2
vulnrichment
vulnrichment
added 4 days ago4 views

CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS6.1AI score0.00143EPSS
Exploits0References2
cve
cve
added 4 days ago15 views

CVE-2026-10664

CVE-2026-10664 reports an out-of-bounds write in the nRF70 Wi‑Fi driver power-save event handler (nrf_wifi_event_proc_get_power_save_info). The handler copies TWT entries from a power-save info event into a fixed-size twt_flows[8], iterating up to num_twt_flows without validating against WIFI_MAX...

5CVSS6.1AI score0.00143EPSS
Exploits0References2
cvelist
cvelist
added 4 days ago29 views

CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS0.00143EPSS
Exploits0References2
attackerkb
attackerkb
added 4 days ago2 views

CVE-2026-10664

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS6.1AI score0.00143EPSS
Exploits0References3Affected Software1
osv
osv
added 4 days ago2 views

CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS6.1AI score0.00143EPSS
Exploits0References5
fedora
fedora
added 4 days ago10 views

[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43

UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...

6.1AI score
Exploits0
ubuntu
ubuntu
added 6 days ago6 views

USN-8492-5: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.6AI score0.00686EPSS
Exploits4
fedora
fedora
added 2026/07/09 12:57 a.m.35 views

[SECURITY] Fedora 44 Update: upower-1.91.3-1.fc44

UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...

5.9AI score
Exploits0
Rows per page
Query Builder