Lucene search
K

938 matches found

Vulnrichment
Vulnrichment
added 2026/06/05 6:6 p.m.10 views

CVE-2026-45750 Termix Vulnerable to Arbitrary Command Execution in File Manager

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...

9CVSS5.5AI score0.00294EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/05 5:58 p.m.32 views

CVE-2026-45744 Termix has an OS Command Injection in File Manager resolvePath endpoint

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9CVSS0.02008EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:58 p.m.10 views

CVE-2026-45744

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9CVSS6AI score0.02008EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/05 5:58 p.m.27 views

CVE-2026-45744

Termix web-based server management platform is affected by an OS command injection in the GET /ssh/file_manager/ssh/resolvePath endpoint prior to version 2.3.2. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution....

9.9CVSS6AI score0.02008EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.17 views

PT-2026-47017

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. An OS command injection exists in the "/ssh/file manager/ssh/resolvePath" endpoint. T...

9.9CVSS6AI score0.02008EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-47022

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description The File Manager component of this web-based server management platform contains a command injection flaw. The endpoint "/ssh/file manager/ssh/resolvePath" unsafely processes the path parameter,...

9CVSS5.6AI score0.00294EPSS
Exploits1References9
Snyk
Snyk
added 2026/06/04 6:17 p.m.8 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the replace-resolve path. An attacker can execute arbitrary code by submitting specially crafted serialized data that bypasses class registration, TypeChecker, and DisallowedList checks, leading to t...

9.3CVSS5.9AI score0.0052EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 4:9 p.m.44 views

CVE-2026-50076

CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...

9.1CVSS5.8AI score0.0052EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46269

Name of the Vulnerable Software and Affected Versions Apache Fory fory-core versions prior to 1.1.0 Description Deserialization of untrusted data in the Java replace-resolve path on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks. B...

9.1CVSS5.5AI score0.0052EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/03 9:16 p.m.8 views

Server-side Request Forgery (SSRF)

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resolveremotefilename function, which processes headers from remote requests. An attacker can access sensitive fil...

8.8CVSS5.5AI score0.00055EPSS
Exploits0References3
NVD
NVD
added 2026/06/03 6:16 p.m.17 views

CVE-2026-46252

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

5.5CVSS0.00091EPSS
Exploits0References8
CVE
CVE
added 2026/06/03 3:49 p.m.34 views

CVE-2026-46252

CVE-2026-46252 affects the Linux kernel regulator core. The vulnerability stems from improper locking in regulator_resolve_supply() error handling, where late-failing supply enable paths could trigger a lockdep warning due to holding the regulator_list_mutex while calling _regulator_put(). The fi...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:49 p.m.6 views

CVE-2026-46252

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/06/03 3:49 p.m.14 views

EUVD-2026-34114

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

5.8AI score0.00091EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 3:49 p.m.44 views

CVE-2026-46252 regulator: core: fix locking in regulator_resolve_supply() error path

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

0.00091EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/03 12:25 p.m.11 views

Deserialization of Untrusted Data

Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveProxyClass function. An attacker...

9.8CVSS5.9AI score0.00468EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 9:39 a.m.41 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.00468EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.40 views

CVE-2025-60477

A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

0.00107EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-45933

A NULL pointer dereference in the gf filter pid resolve file template ex function /filter core/filter pid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5.8AI score0.00107EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/03 12:0 a.m.18 views

EUVD-2025-210053

A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5CVSS5.8AI score0.00107EPSS
Exploits0References4
Rows per page
Query Builder