Lucene search
+L

19 matches found

NVD
NVD
added 2026/07/10 4:17 a.m.9 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS0.00516EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 3:10 a.m.8 views

EUVD-2026-42781

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6AI score0.00516EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/10 3:10 a.m.7 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0
CVE
CVE
added 2026/07/10 3:10 a.m.20 views

CVE-2026-54423

OpenStack Ironic (before 37.0.1) is vulnerable: a user capable of deploying nodes via IPMI can abuse the IPMI send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic’s access control. Impact is high (CVE-2026-54423). The root cause is the exposure of IPMI send_raw in deployment ...

8.2CVSS6AI score0.00516EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/08 3:56 p.m.7 views

CVE-2026-54423

A malicious user with access to deploy a node directly via Ironic can specify the IPMI sendraw deployment step with a malicious payload and send commands to that nodes' BMC. IPMI sendraw capability is exposed multiple ways, including via VendorPassthru interfaces restricted to system admin and...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.13 views

CVE-2026-25529

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.9AI score0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 4:35 p.m.5 views

CVE-2026-25529

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 4:35 p.m.4 views

CVE-2026-25529 Postal has HTML injection / XSS in message view

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/03/12 4:35 p.m.15 views

CVE-2026-25529

Postal is an open source SMTP server. CVE-2026-25529 affects versions before 3.3.5, where unescaped data could be injected into the admin interface, primarily via the API’s send/raw method. This HTML injection could permit arbitrary HTML and potentially unauthorised JavaScript execution in the ad...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/12 4:35 p.m.7 views

EUVD-2026-11603

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/12 4:35 p.m.28 views

CVE-2026-25529 Postal has HTML injection / XSS in message view

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS0.00235EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 4:35 p.m.7 views

CVE-2026-25529 Postal has HTML injection / XSS in message view

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.11 views

Postal 跨站脚本漏洞

Postal is a complete and fully functional email server developed by Postal OpenSource. It is used for websites and web servers. Versions of Postal prior to 3.3.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the send/raw method in the API, which allowed unescaped...

8.1CVSS5.6AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25008

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003316 advisory. An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacsendrawsrb...

5.5CVSS7.1AI score0.00558EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002297 advisory. The aacsendrawsrb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local...

4.7CVSS7.2AI score0.00602EPSS
Exploits1References20
OSV
OSV
added 2020/12/15 5:15 p.m.3 views

CVE-2020-27045

In CESendRawFrame of cemain.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

7.8CVSS6.2AI score0.00424EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/12/15 5:15 p.m.3 views

CVE-2020-27045

In CESendRawFrame of cemain.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

7.8CVSS6AI score0.00424EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/12/15 5:15 p.m.5 views

CVE-2020-27048

In RWSendRawFrame of rwmain.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

7.8CVSS5.6AI score0.00416EPSS
Exploits0References2
Rows per page
Query Builder