Lucene search
+L

7200 matches found

cve
cve
added 2026/06/11 5:34 a.m.379 views

CVE-2026-10795

UpdraftPlus (WordPress plugin)

8.1CVSS6.1AI score0.03578EPSS
In wildExploits3References4
cvelist
cvelist
added 2026/06/10 8:32 p.m.32 views

CVE-2026-42542 TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...

7.5CVSS0.00539EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/06/10 8:32 p.m.10 views

CVE-2026-42542 TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...

7.5CVSS5.5AI score0.00539EPSS
Exploits1References2
osv
osv
added 2026/06/10 8:32 p.m.2 views

CVE-2026-42542 TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...

7.5CVSS6AI score0.00539EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.16 views

PT-2026-48533

🚨 CVE-2026-42542 TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are...

7.5CVSS5.3AI score0.00539EPSS
Exploits1References4
cvelist
cvelist
added 2026/06/09 5:34 p.m.43 views

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS0.00358EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/06/09 4:4 p.m.10 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/08 2:58 a.m.11 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References1
nvd
nvd
added 2026/06/07 3:16 a.m.14 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS0.01102EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/07 2:30 a.m.33 views

CVE-2026-11450 GL.iNet GL-MT3000 Path Normalization dlopen command injection

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS0.01572EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/06/07 2:30 a.m.10 views

CVE-2026-11450 GL.iNet GL-MT3000 Path Normalization dlopen command injection

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/06/07 2:15 a.m.7 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS5.2AI score0.01102EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2026/06/07 2:15 a.m.45 views

CVE-2026-11449 GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS0.01102EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/07 2:15 a.m.7 views

CVE-2026-11449 GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References6
cve
cve
added 2026/06/07 2:15 a.m.58 views

CVE-2026-11449

GL.iNet GL-MT3000 (v4.4.5) is affected by a remote command injection in LuCI JSON-RPC Interface, via the rpc_sys function in /cgi-bin/luci/rpc. Root cause is not explicitly stated beyond the vulnerability description; CVSS metrics in the connected sources indicate MEDIUM severity (CVSSv3.1 base 6...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/07 12:0 a.m.21 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References6
cnnvd
cnnvd
added 2026/06/07 12:0 a.m.11 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Version 4.4.5 of GL.iNet GL-MT3000 has a command injection vulnerability. This vulnerability stems from a problem with the function “rpcsys” in the LuCI JSON-RPC Interface component...

6.5CVSS6.4AI score0.01102EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/06 12:45 p.m.10 views

CVE-2026-11413

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS8.1AI score0.00481EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:22 p.m.11 views

CVE-2026-7480

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...

7.3CVSS7.7AI score0.00135EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.10 views

CVE-2026-44895

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS5.5AI score0.00392EPSS
Exploits0References1
Rows per page
Query Builder