Lucene search
K

17095 matches found

BDU FSTEC
BDU FSTEC
added yesterday14 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00648EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday24 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
Nuclei
Nuclei
added yesterday42 views

Cuppa CMS v1.0 - Authenticated Local File Inclusion

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload. id: CVE-2022-37191 info: name: Cuppa CMS v1.0 - Authenticated Local File Inclusion author: theamanrawat...

6.5CVSS6.7AI score0.02646EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday24 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

8.8CVSS6.8AI score0.01195EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday12 views

Langflow <= 1.8.4 - Path Traversal to RCE via File Upload

The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...

8.8CVSS6.2AI score0.31405EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday21 views

TYPO3 ceselector Extension - Insecure Deserialization

TYPO3 extension contains a PHP Object Injection caused by passing attacker-controlled cookie to unserialize without validation, letting remote unauthenticated attackers achieve remote code execution, exploit requires Persistent Mode: Static configuration. id: CVE-2026-46725 info: name: TYPO3...

9.2CVSS6.2AI score0.02306EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday36 views

n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution

n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...

9.9CVSS7.6AI score0.05258EPSS
Exploits1References2
NVD
NVD
added yesterday7 views

CVE-2026-13385

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2 days ago85 views

CVE-2026-53633

Vitest CVE-2026-53633 affects Vitest Browser Mode (3.0.0–3.2.5, 4.1.8, and 5.0.0-beta.4), where a cdp() API exposes raw Chrome DevTools Protocol methods without gates. A remote client with exposed browser API metadata can use CDP Page.setDownloadBehavior and Runtime.evaluate to overwrite vite.con...

9.8CVSS6.2AI score0.00585EPSS
Exploits0References10
NVD
NVD
added 2 days ago3 views

CVE-2026-56642

Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network...

8.8CVSS0.00869EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-56642 Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability

...

8.8CVSS0.00869EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-55017

Mode C: CVE-2026-55017 is a heap-based buffer overflow affecting Microsoft Office, enabling a local attacker to execute code. The available connected documents confirm this vulnerability within Microsoft Office products (Office components cited in the NCSC advisory and multiple CVE trackers). Roo...

7.8CVSS6.2AI score0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-55017 Microsoft Office Remote Code Execution Vulnerability

...

7.8CVSS0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-50314 Microsoft Office Remote Code Execution Vulnerability

...

7.8CVSS0.00434EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-50309 Windows NTFS Remote Code Execution Vulnerability

...

7.8CVSS6.1AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

...

8.4CVSS0.00388EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2 days ago5 views

Windows OLE Remote Code Execution Vulnerability

Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...

8.1CVSS6.2AI score0.00674EPSS
Exploits0
Nuclei
Nuclei
added 2 days ago55 views

Apache Unomi <1.5.2 - Remote Code Execution

Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...

9.8CVSS7.1AI score0.68398EPSS
Exploits9References5
Nuclei
Nuclei
added 2 days ago117 views

MajorDoMo thumb.php - OS Command Injection

MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. id: CVE-2023-50917 info: name: MajorDoMo thumb.php - OS Command Injection author: DhiyaneshDK severity: critical...

9.8CVSS7.1AI score0.38263EPSS
Exploits6References5
Nuclei
Nuclei
added 2 days ago62 views

Apache Spark - Authentication Bypass

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.8CVSS6.8AI score0.29157EPSS
Exploits0References2
Rows per page
Query Builder