Lucene search
K

74525 matches found

BDU FSTEC
BDU FSTEC
added yesterday12 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00648EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added yesterday169 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

10CVSS7.1AI score0.17894EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday11 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.1AI score0.0203EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday41 views

Coda v.2024Q1 - Cross-Site Scripting

Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter. id: CVE-2024-28734 info: name: Coda v.2024Q1 - Cross-Site Scripting author: s4e-io severity: medium description: | Cross Site Scripti...

6.1CVSS6.1AI score0.01791EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday136 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

4.8CVSS6AI score0.00848EPSS
Exploits2References1
Nuclei
Nuclei
added yesterday78 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS7.2AI score0.87688EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday19 views

KevinLAB BEMS (Building Energy Management System) - Backdoor Account

KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...

9CVSS6.9AI score0.06719EPSS
Exploits2References2
NVD
NVD
added yesterday7 views

CVE-2026-9492

The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...

8.5CVSS0.00109EPSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-43274

The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References2
CVE
CVE
added yesterday19 views

CVE-2026-9492

CVE-2026-9492 affects Gigabyte Control Center (GCC) MBStorage DRAM lighting control module. The vulnerability resides in the MyPortIO_x64.sys driver, where improper access control allows authenticated local attackers to issue IOCTL commands that can read and write physical memory, leading to kern...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-43239

Untrusted pointer dereference in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...

8.3CVSS6.1AI score0.00461EPSS
Exploits0References1
NVD
NVD
added 3 days ago6 views

CVE-2026-1359

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolvesetOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-leve...

8.8CVSS0.00308EPSS
Exploits0References2
CVE
CVE
added 3 days ago15 views

CVE-2026-13756

Technical details are not publicly available in the provided documents for CVE-2026-13756. Monitor for updates.

8.8CVSS6.1AI score0.00309EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-47199 Frappe: check_safe_sql_query Permits SELECT INTO OUTFILE

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS0.00401EPSS
Exploits0References7
NVD
NVD
added 4 days ago8 views

CVE-2026-53657

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...

8.2CVSS0.00197EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-53657 Lima: An arbitrary user in a QEMU VM could gain the root privilege in the VM via the guest agent socket

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...

8.2CVSS0.00197EPSS
Exploits0References4
CVE
CVE
added 4 days ago19 views

CVE-2026-53657

CVE-2026-53657 affects Lima when using the qemu driver. Prior to 2.1.3, an unprivileged user inside a Lima QEMU guest could access the /run/lima-guestagent.sock guest-agent socket when enabled, enabling commands with root privileges inside the VM via the socket’s tunneling to privileged daemons. ...

8.2CVSS6.2AI score0.00197EPSS
Exploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-41876

CVE-2026-41876 affects R-SOFT DMS. The vulnerability is an OS Command Injection in konwertujAction(), where the document converter executes shell commands using unsanitized file paths and format parameters, allowing an authenticated attacker to run arbitrary commands with the web server user’s pr...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS0.00116EPSS
Exploits0References1
Rows per page
Query Builder