Lucene search
K

49 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5CVSS5.6AI score0.00738EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/15 6:31 p.m.8 views

EUVD-2026-22977

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5CVSS5.9AI score0.00738EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 5:17 p.m.6 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5CVSS0.00738EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 12:0 a.m.11 views

CVE-2026-30996

CVE-2026-30996 affects SAC-NFe v2.0.02; an issue in the file handling logic of the component download.php allows directory traversal to read arbitrary system files via a crafted GET request. CVSSv3.1 score is 7.5 (HIGH) with network attack vector and low complexity; no exploitation details or mit...

7.5CVSS5.9AI score0.00738EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 12:0 a.m.19 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

0.00738EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.11 views

SoftSul SAC-NFe 安全漏洞

SoftSul SAC-NFe is an electronic invoice management system developed by the Brazilian company SoftSul. Version 2.0.02 of SoftSul SAC-NFe contains a security vulnerability. This vulnerability stems from defects in the file processing logic of the download.php component, which may lead to directory...

7.5CVSS5.9AI score0.00738EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 12:0 a.m.3 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

5.9AI score0.00738EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.4 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5CVSS5.9AI score0.00738EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.5 views

CVE-2026-0787

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

9.8CVSS6.5AI score0.01278EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 4:16 a.m.12 views

CVE-2026-0787

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

9.8CVSS0.01278EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 4:16 a.m.4 views

CVE-2026-0787

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

9.8CVSS6.4AI score0.01278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 3:1 a.m.35 views

CVE-2026-0787 ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

8.1CVSS0.01278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 3:1 a.m.2 views

CVE-2026-0787 ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

8.1CVSS6.5AI score0.01278EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.6 views

(0Day) ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SAC module. The issue results from the lack of proper validation ...

8.1CVSS7.6AI score0.01278EPSS
Exploits0
NVD
NVD
added 2024/11/13 8:15 p.m.34 views

CVE-2024-42834

A stored cross-site scripting XSS vulnerability in the Create Customer API in Incognito Service Activation Center SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

5.4CVSS0.00466EPSS
Exploits0References1
CVE
CVE
added 2024/11/13 12:0 a.m.100 views

CVE-2024-42834

The CVE-2024-42834 issue is a stored XSS in the Create Customer API of Incognito Service Activation Center (SAC) UI v14.11. An authenticated attacker can inject a crafted payload via the lastName parameter to execute arbitrary web scripts or HTML. Details across Red Hat, NVD, CNNVD, CIRCL and rel...

5.4CVSS5.5AI score0.00466EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/13 12:0 a.m.18 views

CVE-2024-42834

A stored cross-site scripting XSS vulnerability in the Create Customer API in Incognito Service Activation Center SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

0.00466EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.15 views

Fedora: Security Advisory for sac (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02557EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.19 views

[SECURITY] Fedora 40 Update: sac-1.3-46.fc40

SAC is a standard interface for CSS parsers, intended to work with CSS1, CSS2, CSS3 and other CSS derived languages...

8.8CVSS9.1AI score0.02557EPSS
Exploits3
Openbugbounty
Openbugbounty
added 2024/01/29 5:7 p.m.10 views

sac-pizterri.ch Cross Site Scripting vulnerability OBB-3845927

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rows per page
Query Builder