Lucene search
+L

11494 matches found

nuclei
nuclei
added 13 hours ago169 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

10CVSS7.1AI score0.17894EPSS
Exploits1References2
ptsecurity
ptsecurity
added 23 hours ago7 views

PT-2026-60459

Name of the Vulnerable Software and Affected Versions ubuntu-pro-client affected versions not specified Description An input validation and injection issue exists where the client constructs APT source files using data from the contract server response via the directives.suites and...

9CVSS6.5AI score
Exploits0References5
nvd
nvd
added 2 days ago8 views

CVE-2026-50130

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...

8.8CVSS0.00225EPSS
Exploits0References3
cve
cve
added 2 days ago4 views

CVE-2026-15427

The CVE-2026-15427 involves an OS command injection in the TR-069/CWMP management interface of TP-Link Archer VX1800v (v1). The root cause is insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires TR-069 ...

8.6CVSS6.2AI score0.005EPSS
Exploits0References2
nvd
nvd
added 3 days ago7 views

CVE-2026-61498

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS0.02165EPSS
Exploits0References3
ubuntu
ubuntu
added 3 days ago7 views

USN-8496-3: cifs-utils vulnerability

USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before...

7.8CVSS6.3AI score0.00121EPSS
Exploits0
osv
osv
added 3 days ago2 views

USN-8496-3 cifs-utils vulnerability

USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before...

7.8CVSS6.3AI score0.00121EPSS
Exploits0References2
nvd
nvd
added 6 days ago8 views

CVE-2026-53657

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...

8.2CVSS0.00197EPSS
Exploits0References4
cvelist
cvelist
added 6 days ago29 views

CVE-2026-53657 Lima: An arbitrary user in a QEMU VM could gain the root privilege in the VM via the guest agent socket

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...

8.2CVSS0.00197EPSS
Exploits0References4
cve
cve
added 6 days ago23 views

CVE-2026-53657

CVE-2026-53657 affects Lima when using the qemu driver. Prior to 2.1.3, an unprivileged user inside a Lima QEMU guest could access the /run/lima-guestagent.sock guest-agent socket when enabled, enabling commands with root privileges inside the VM via the socket’s tunneling to privileged daemons. ...

8.2CVSS6.2AI score0.00197EPSS
Exploits0References4
cve
cve
added 6 days ago13 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/07/09 8:16 p.m.6 views

CVE-2026-0276

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

7.8CVSS0.00137EPSS
Exploits0References1
nvd
nvd
added 2026/07/09 8:16 p.m.6 views

CVE-2026-0275

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

6.7CVSS0.00112EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/09 7:19 p.m.6 views

CVE-2026-0275

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS6AI score0.00112EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/07/09 7:19 p.m.12 views

CVE-2026-0275

Prisma Browser on macOS is affected by a Local Privilege Escalation vulnerability. An administratively authenticated user with access to the macOS local filesystem can perform actions with root privileges, impacting the device’s security. The CVSS metrics indicate LOCAL attack vector, HIGH privil...

6.7CVSS6AI score0.00112EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/07/09 5:46 p.m.7 views

EUVD-2026-42661

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
snyk
snyk
added 2026/07/09 8:41 a.m.5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00148EPSS
Exploits0References2
osv
osv
added 2026/07/08 4:27 p.m.4 views

OPENSUSE-SU-2026:21277-1 Security update for go-sendxmpp

This update for go-sendxmpp fixes the following issues: Changes in go-sendxmpp: - Update to 0.16.0: Added: Add Ox support to http-upload. Add Ox support for private group chats. Show error cause if joining MUCs failedi requires go-xmpp = v0.3.5. Changed: Fix --ox-delete-nodes. Fix receiving of 1-...

9.8CVSS6.8AI score0.00478EPSS
Exploits0References4
euvd
euvd
added 2026/07/08 3:32 p.m.7 views

EUVD-2026-42290

An OS command injection vulnerability exists in the savesyslogtofile function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The modelname configuration parameter is not properly sanitized, which could allow an authenticated...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 3:16 p.m.8 views

CVE-2026-24700

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

7.2CVSS0.0128EPSS
Exploits1References1
Rows per page
Query Builder