Lucene search
K

104 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43655

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS6.2AI score0.0062EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-3014 Remote Code Execution by administrative user on the Management Server

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS0.0062EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 2:38 p.m.23 views

CVE-2026-27956

Affected product: Coolify (open-source self-hostable tool). Vulnerability: Cross-team domain enumeration via the endpoint GET /api/v1/servers/{server_uuid}/domains?uuid={app_uuid} allows any authenticated API user to enumerate FQDNs of applications belonging to other teams. Root cause (as stated)...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 11:16 p.m.11 views

CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.01014EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/17 3:49 p.m.9 views

CVE-2026-46448

A flaw was found in OpenStack Nova. The server creation application programming interface API fails to remove specific hint data, leading to instances being created without proper Placement allocation. This can result in a denial of service, as resources may not be correctly assigned or managed f...

8.5CVSS4.8AI score0.00272EPSS
Exploits1References6
Snyk
Snyk
added 2026/06/09 9:58 p.m.3 views

Interpretation Conflict

Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sending specially crafte...

8.3CVSS5.8AI score0.00095EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 9:58 p.m.4 views

Interpretation Conflict

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sendin...

8.3CVSS5.8AI score0.00095EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS7.8AI score0.00286EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.20 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS0.00286EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.8 views

CVE-2026-8216

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendo...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 5:42 p.m.40 views

CVE-2026-44413

JetBrains TeamCity is affected by CVE-2026-44413, with the description: In JetBrains TeamCity before 2026.1, authenticated users could expose the server API to unauthorised access. The NVD entries corroborate this and assign a CVSS v3.1 base score of 8.2 (HIGH) with NETWORK attack vector, LOW int...

8.2CVSS5.8AI score0.00258EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/10 1:16 a.m.59 views

CVE-2026-8216

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendo...

7.5CVSS0.00391EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 12:31 p.m.11 views

EUVD-2026-28548

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...

9.8CVSS6AI score0.01829EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 1:50 p.m.47 views

CVE-2025-52613 HCL BigFix Service Management (SM) is affected by use of a vulnerable component

HCL BigFix Service Management SM is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

4.6CVSS0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

HCL BigFix Service Management 信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to information leakage. This vulnerability stems from the use of a vulnerable WSGI server. Deploying outdated or...

8.8CVSS5.8AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.37 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS0.00286EPSS
Exploits1References2
CVE
CVE
added 2026/04/29 5:49 p.m.19 views

CVE-2026-26206

Wazuh server API brute-force protection for POST /security/user/authenticate can be bypassed via a race condition when handling concurrent authentication requests. From versions 4.0.0 up to before 4.14.4, sequential requests honor the max_login_attempts threshold (default 50) but parallel bursts ...

6.5CVSS5.3AI score0.00209EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/29 5:49 p.m.3 views

CVE-2026-26206 Wazuh: API brute-force protection bypass via race condition in login attempt tracking

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

6.5CVSS6.5AI score0.00209EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/28 6:49 a.m.6 views

freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface

A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...

9.1CVSS5.5AI score0.00489EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/27 2:55 p.m.6 views

freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface

A heap buffer overflow has been discovered in FreeRDP. The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface...

9.1CVSS5.5AI score0.00489EPSS
Exploits0References6
Rows per page
Query Builder