Lucene search
K

31962 matches found

CVE
CVE
added 1 hour ago2 views

CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

5.3CVSS
Exploits0References1
F5 Networks
F5 Networks
added 8 hours ago6 views

K000161575: PostgreSQL vulnerability CVE-2022-1552

Security Advisory Description A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated...

8.8CVSS7.2AI score0.02263EPSS
Exploits0
Nuclei
Nuclei
added 11 hours ago42 views

Klog Server <=2.41 - Unauthenticated Command Injection

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...

10CVSS7.7AI score0.89753EPSS
Exploits8References5
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-45702

A flaw was found in OP-TEE OS, a Trusted Execution Environment TEE for Arm Cortex-A cores. A type confusion vulnerability exists when OP-TEE OS processes an FFAMEMSHARE request from the normal world. This flaw can be exploited by a local attacker with high privileges when OP-TEE is configured as ...

4.4CVSS5.8AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-35084 Stack buffer overflow in method dali-devconfig

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root...

8.8CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday3 views

CVE-2026-35082

The CVE-2026-35082 entry describes a Local File Inclusion in the ugw-logread method, where insufficient validation of user-supplied input lets a remote attacker with user privileges access arbitrary local files. The CERT/VDE metrics indicate HIGH impact (confidentiality, integrity, availability) ...

8.8CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-34076

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-35079 Arbitrary file delete vulnerability in method ugw-restore

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-34075

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-35078

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-35078 Arbitrary file delete vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-34073

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-35076

CVE-2026-35076 describes an arbitrary local file delete vulnerability in the bac-scanresult method caused by insufficient validation of user-controlled input. The issue allows a remote attacker with user privileges to delete arbitrary local files. The provided metrics indicate a high-severity imp...

8.1CVSS6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-45917

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-45921

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-45923

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-46091

Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...

10CVSS6.2AI score
Exploits0References3
Rows per page
Query Builder