Lucene search
K

17094 matches found

BDU FSTEC
BDU FSTEC
added 8 hours ago14 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00648EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 8 hours ago24 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00709EPSS
Exploits1References11Affected Software9
Nuclei
Nuclei
added 15 hours ago24 views

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

8.8CVSS6.8AI score0.01195EPSS
Exploits0References4
Nuclei
Nuclei
added 15 hours ago12 views

Langflow <= 1.8.4 - Path Traversal to RCE via File Upload

The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...

8.8CVSS6.2AI score0.31405EPSS
Exploits4References3
Nuclei
Nuclei
added 15 hours ago21 views

TYPO3 ceselector Extension - Insecure Deserialization

TYPO3 extension contains a PHP Object Injection caused by passing attacker-controlled cookie to unserialize without validation, letting remote unauthenticated attackers achieve remote code execution, exploit requires Persistent Mode: Static configuration. id: CVE-2026-46725 info: name: TYPO3...

9.2CVSS6.2AI score0.02306EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago42 views

Cuppa CMS v1.0 - Authenticated Local File Inclusion

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload. id: CVE-2022-37191 info: name: Cuppa CMS v1.0 - Authenticated Local File Inclusion author: theamanrawat...

6.5CVSS6.7AI score0.02646EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago36 views

n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution

n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...

9.9CVSS7.6AI score0.05258EPSS
Exploits1References2
NVD
NVD
added 18 hours ago7 views

CVE-2026-13385

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS
Exploits0References1
CVE
CVE
added yesterday85 views

CVE-2026-53633

Vitest CVE-2026-53633 affects Vitest Browser Mode (3.0.0–3.2.5, 4.1.8, and 5.0.0-beta.4), where a cdp() API exposes raw Chrome DevTools Protocol methods without gates. A remote client with exposed browser API metadata can use CDP Page.setDownloadBehavior and Runtime.evaluate to overwrite vite.con...

9.8CVSS6.2AI score0.00089EPSS
Exploits0References10
NVD
NVD
added yesterday2 views

CVE-2026-56642

Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-56642 Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability

...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-55017

Mode C: CVE-2026-55017 is a heap-based buffer overflow affecting Microsoft Office, enabling a local attacker to execute code. The available connected documents confirm this vulnerability within Microsoft Office products (Office components cited in the NCSC advisory and multiple CVE trackers). Roo...

7.8CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-55017 Microsoft Office Remote Code Execution Vulnerability

...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-50314 Microsoft Office Remote Code Execution Vulnerability

...

7.8CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-50309 Windows NTFS Remote Code Execution Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

...

8.4CVSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday5 views

Windows OLE Remote Code Execution Vulnerability

Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...

8.1CVSS6.2AI score
Exploits0
Nuclei
Nuclei
added yesterday55 views

Apache Unomi <1.5.2 - Remote Code Execution

Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...

9.8CVSS7.1AI score0.68398EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday62 views

Apache Spark - Authentication Bypass

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.8CVSS6.8AI score0.29157EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday18 views

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

8CVSS6.6AI score0.76148EPSS
Exploits0References3
Rows per page
Query Builder