Lucene search
K

17012 matches found

CVE
CVE
added 2026/06/16 6:51 p.m.9 views

CVE-2026-0126

In WC-Radio, there is a confirmed vulnerability causing an out-of-bounds write due to a missing bounds check. This can lead to remote code execution with no privileges and no user interaction required. The issue is detailed across multiple feeds (NVD entry CVE-2026-0126, EUVD-2026-, and related O...

9.8CVSS6.2AI score0.00277EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/16 10:16 a.m.15 views

CVE-2026-5416

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS0.00771EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.78 views

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

10CVSS8.4AI score0.98253EPSS
Exploits54References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.102 views

Apache ActiveMQ Fileserver - Arbitrary File Write

Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application. id: CVE-2016-3088 info: name: Apache ActiveMQ Fileserver - Arbitrary File Write author: fqhsu severity: critical...

9.8CVSS8.8AI score0.98518EPSS
Exploits19References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49818

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description An integer overflow in the numberOfReportBlocks of RtpSession.cpp can lead to an out-of-bounds write. This issue allows for remote escalation of privilege without requiring user...

8.8CVSS5.7AI score0.00231EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 3:10 p.m.7 views

CVE-2026-9862 Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS5.4AI score0.00865EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 3:10 p.m.28 views

CVE-2026-9862

CVE-2026-9862 affects Fortra’s Core Privileged Access Manager (BoKS). The vulnerability is an OS command injection in the boks_autoregisterd service that can be exploited by a remote attacker with network access to execute commands with the service’s privileges during autoregistration processing....

9.8CVSS5.3AI score0.00865EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/15 2:59 p.m.8 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS5.7AI score0.02501EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 9:38 p.m.13 views

Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

5.8AI score
Exploits0References14
NVD
NVD
added 2026/06/12 8:16 p.m.9 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

8.8CVSS0.00287EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 9:27 a.m.18 views

CVE-2026-11845

The CVE-2026-11845 entry concerns the iVEC-IEI Virtualization Edge Computer from IEI Integration Corp, describing an OS Command Injection vulnerability. The available documents state that privileged remote attackers could inject arbitrary OS commands and execute them on the device, with high impa...

8.6CVSS5.8AI score0.00951EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 7:16 p.m.5 views

DEBIAN-CVE-2026-11774

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS5.9AI score0.00539EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 2:16 p.m.15 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS0.00329EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 6:49 a.m.14 views

Malicious code in sysbu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d7e10321db9abd5e77b0f656d5fac237968ecd79c0ce409b58ee555fb5b236 Despite advertising itself as a 'System binary configuration tool', sysbu's index.js unconditionally invokes startApp on require/CLI execution. If...

5.6AI score
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/10 11:6 p.m.125 views

Exploit for Out-of-bounds Read in Google Chrome

CVE-2026-11645 - V8 in Google Chrome prior to Remote Code Exec...

8.8CVSS6.6AI score0.01654EPSS
Exploits4
Ubuntu
Ubuntu
added 2026/06/10 1:49 p.m.9 views

USN-8419-1: HTTP-Daemon vulnerability

It was discovered that HTTP-Daemon incorrectly handled untrusted input under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary commands, create or overwrite arbitrary files, or expose sensitive information...

9.1CVSS5.9AI score0.01231EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/10 12:39 p.m.33 views

CVE-2026-52751 Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes...

8.8CVSS0.0071EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/10 12:31 p.m.12 views

Critical: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS6AI score0.12797EPSS
Exploits8References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 10:0 a.m.16 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is affected by remote code execution.

Summary The security issue described in CVE-2026-9330 and CVE-2026-9311 as been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the...

9CVSS5.4AI score0.00489EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/10 4:17 a.m.10 views

CVE-2025-66279

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS0.01049EPSS
Exploits0References1
Rows per page
Query Builder