Lucene search
+L

18664 matches found

nvd
nvd
added 2026/06/09 4:16 p.m.11 views

CVE-2026-10727

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...

7.2CVSS0.01634EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.19 views

PT-2026-47808

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.9.0.1 Ivanti EPMM versions prior to 12.8.0.3 Ivanti EPMM versions prior to 12.7.0.2 Description An OS command injection issue allows a remote authenticated attacker to execute arbitrary commands with root...

7.2CVSS6AI score0.01634EPSS
Exploits0References8
osv
osv
added 2026/06/08 11:33 a.m.10 views

USN-8395-1 netatalk vulnerabilities

Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. CVE-2026-44047 Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion...

9.9CVSS6.2AI score0.00516EPSS
Exploits0References11
redhatcve
redhatcve
added 2026/06/05 7:41 p.m.12 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS6AI score0.00882EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:41 p.m.11 views

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6AI score0.00882EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:41 p.m.11 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6AI score0.00882EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8109

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

6.5CVSS5.7AI score0.00701EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6281

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device...

8.8CVSS6AI score0.00445EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS5.5AI score0.00391EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6888

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

7.2CVSS6AI score0.00375EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 6:49 p.m.11 views

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

2.7CVSS5.5AI score0.00325EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 6:49 p.m.10 views

CVE-2024-47273

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS5.5AI score0.00277EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 6:49 p.m.10 views

CVE-2024-47268

Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9CVSS5.5AI score0.0034EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 6:49 p.m.10 views

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9CVSS5.5AI score0.0034EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.25 views

PT-2026-47034

Name of the Vulnerable Software and Affected Versions AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL versions prior to 4.0.1 Description An untrusted search path issue exists in the GlobalDatabasePlugin. This allows a remote authenticated low-privilege actor to escalate privileges to thos...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References7
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.14 views

Amazon Web Services Advanced Go Wrapper 安全漏洞

Amazon Web Services Advanced Go Wrapper is an open-source extension to existing Go language drivers provided by Amazon Web Services. There is a security vulnerability in Amazon Web Services Advanced Go Wrapper, which stems from an insecure search path in the GlobalDatabasePlugin. This vulnerabili...

8.6CVSS5.3AI score0.00305EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/03 1:31 p.m.9 views

CVE-2024-47273

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS5.8AI score0.00277EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/03 1:31 p.m.40 views

CVE-2024-47273

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS0.00277EPSS
Exploits0References1
euvd
euvd
added 2026/06/03 1:31 p.m.12 views

EUVD-2024-55608

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS5.8AI score0.00277EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/03 1:31 p.m.15 views

CVE-2024-47273

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS5.8AI score0.00277EPSS
Exploits0References2
Rows per page
Query Builder