36 matches found

RedhatCVE
added 2026/06/05 7:10 p.m. | 8 views

CVE-2026-8426

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

CVSS 8.8 | AI score 6.3 | EPSS 0.00171
Exploits 0 | References 1

ATTACKERKB
added 2026/05/21 8:22 p.m. | 6 views

CVE-2026-8426

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

CVSS 7.5 | AI score 6.5 | EPSS 0.00171
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/05/21 8:22 p.m. | 7 views

CVE-2026-8426 Concrete CMS 9.5.0 and below is vulnerable to CSRF on prepare_remote_upgrade() leading to one-request RCE via package overwrite

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

CVSS 7.5 | AI score 6.5 | EPSS 0.00171
Exploits 0 | References 1

CVE
added 2026/05/21 8:22 p.m. | 18 views

CVE-2026-8426

Concrete CMS 9.5.0 and earlier fails to validate a CSRF token for requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and trigger the upgrade() method in a single b...

CVSS 8.8 | AI score 6.5 | EPSS 0.00171
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/05/21 8:22 p.m. | 31 views

CVE-2026-8426 Concrete CMS 9.5.0 and below is vulnerable to CSRF on prepare_remote_upgrade() leading to one-request RCE via package overwrite

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

CVSS 7.5 | EPSS 0.00171
Exploits 0 | References 1

EUVD
added 2026/05/21 8:22 p.m. | 6 views

EUVD-2026-31337

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

CVSS 7.5 | AI score 6.5 | EPSS 0.00171
Exploits 0 | References 1

Positive Technologies
added 2026/05/21 12:0 a.m. | 9 views

PT-2026-42548

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

CVSS 7.5 | AI score 6.5 | EPSS 0.00171
Exploits 0 | References 2

EUVD
added 2026/05/02 9:30 a.m. | 2 views

EUVD-2026-26775

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

CVSS 6.3 | AI score 5 | EPSS 0.00234
Exploits 1 | References 4

Tenable Nessus
added 2026/04/20 12:0 a.m. | 4 views

HP Color LaserJet Missing Authentication for Critical Function (CVE-2004-2439)

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

CVSS 5 | AI score 5.8 | EPSS 0.02223
Exploits 0 | References 5

CVE
added 2026/03/08 10:32 a.m. | 33 views

CVE-2026-3731

CVE-2026-3731 affects libssh up to version 0.11.3, specifically the SFTP Extension Name Handler in src/sftp.c (functions sftp_extensions_get_name and sftp_extensions_get_data). Manipulating the idx argument can trigger an out-of-bounds read, with the threat potentially remote. The issue is addres...

CVSS 7.5 | AI score 5.7 | EPSS 0.00631
Exploits 0 | References 6 | Affected Software 1

RedhatCVE
added 2026/03/07 1:44 a.m. | 6 views

CVE-2026-3612

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmwareurl causes command injection. It is possible to initiate the attack remotely. The exploit h...

CVSS 8.6 | AI score 6.9 | EPSS 0.0946
Exploits 1 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2007-2370

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.05577
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-10320

Malware in sbrugna...

CVSS 9.3 | AI score 8.1 | EPSS 0.01629
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-2430

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02223
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-17041

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.01859
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2015-1104

Malware in sbrugna...

CVSS 6.1 | AI score 4.1 | EPSS 0.00545
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-34111

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00468
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-4254

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 4.9 | EPSS 0.00342
Exploits 1 | References 5

Cvelist
added 2023/02/06 4:31 p.m. | 26 views

CVE-2020-36660 paxswill EVE Ship Replacement Program User Information api.py information disclosure

A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may ...

CVSS 4.3 | AI score 4.3 | EPSS 0.00666
Exploits 0 | References 4

CNVD
added 2019/01/03 12:0 a.m. | 3 views

Guardzilla GZ180 Command Injection Vulnerability

The Guardzilla GZ180 is a home security surveillance camera. A command injection vulnerability exists in the remote upgrade feature in the Guardzilla GZ180. An attacker can exploit this vulnerability to gain shell access to the device and execute system commands with the help of specially crafted...

CVSS 9.3 | AI score 8.2 | EPSS 0.01629
Exploits 0 | References 1