Lucene search
K

74618 matches found

BDU FSTEC
BDU FSTEC
added 9 hours ago14 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00648EPSS
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in assertion-utils-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 311d22d9694863456136cf4f8b69a291fdbb631eda56bafca1959e0c184774a1 assertion-utils-js is a typosquat of chai name, description, and keywords mirror the real package. On require, index.js spawns a detached Node child...

6.2AI score
Exploits0References2
OSV
OSV
added yesterday3 views

MAL-2026-10612 Malicious code in assertion-utils-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 311d22d9694863456136cf4f8b69a291fdbb631eda56bafca1959e0c184774a1 assertion-utils-js is a typosquat of chai name, description, and keywords mirror the real package. On require, index.js spawns a detached Node child...

6.2AI score
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-15429

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be abl...

5.1CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-56187

CVE-2026-56187 affects the Windows MIDI Service Module and is a use-after-free vulnerability that can lead to local privilege escalation for an authenticated/authorized attacker. Public sources in the connected set confirm the issue and point to a patch via Microsoft security updates (e.g., MSRC ...

7CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-56183

CVE-2026-56183 is a use-after-free vulnerability in the Windows MIDI Service Module that permits a locally authenticated attacker to achieve elevation of privileges. Affected component: Windows MIDI Service Module (CVE-2026-56183) with local attack vector and high impact (CVE described as Elevati...

7CVSS6AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday4 views

Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score
Exploits0
CVE
CVE
added yesterday10 views

CVE-2026-53565

CVE-2026-53565 is a Local Privilege Escalation in Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows. The CVE affects Secure Access Client for Windows versions before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7. The CVE is categorized as...

8.5CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday79 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS7.2AI score0.87688EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday12 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.1AI score0.0203EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday41 views

Coda v.2024Q1 - Cross-Site Scripting

Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter. id: CVE-2024-28734 info: name: Coda v.2024Q1 - Cross-Site Scripting author: s4e-io severity: medium description: | Cross Site Scripti...

6.1CVSS6.1AI score0.01791EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday19 views

KevinLAB BEMS (Building Energy Management System) - Backdoor Account

KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...

9CVSS6.9AI score0.06719EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday117 views

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An...

10CVSS7.2AI score0.98092EPSS
Exploits12References5
Nuclei
Nuclei
added yesterday137 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

4.8CVSS6AI score0.00848EPSS
Exploits2References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43593

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-58270

Name of the Vulnerable Software and Affected Versions Azure CycleCloud versions prior to 8.9.1-3806 Description Missing authorization allows an authorized attacker to elevate privileges over a network. Recommendations Upgrade to build 8.9.1-3806...

6.5CVSS6.1AI score
Exploits0References3
OSV
OSV
added 2 days ago4 views

MAL-2026-10490 Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-61501 Rejetto HFS < 3.2.1 Stored XSS in Admin Log Viewer

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

5.3CVSS6.3AI score0.00308EPSS
Exploits0References5
NVD
NVD
added 2 days ago7 views

CVE-2026-61498

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS0.02165EPSS
Exploits0References3
Rows per page
Query Builder