Lucene search
K

214 matches found

CVE
CVE
added 6 days ago21 views

CVE-2026-12116

CVE-2026-12116 affects Xerte Online Toolkits. The vulnerability allows remote code execution by editing the antivirus binary path in the tools server configuration to point to a PHP interpreter, causing any uploaded PHP data to execute. Affected product: Xerte Online Toolkits (open‑source e‑learn...

9.8CVSS5.9AI score0.0038EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 8:12 a.m.6 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56071

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description The coder config-ssh command writes server-supplied SSH settings into the user's /.ssh/config file without...

8.3CVSS6.6AI score0.00466EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/23 12:53 a.m.40 views

CVE-2026-11833

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...

8.2CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 12:53 a.m.11 views

EUVD-2026-38411

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...

8.2CVSS5.7AI score0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:53 a.m.8 views

CVE-2026-11833

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...

8.2CVSS5.7AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 8:49 a.m.8 views

CVE-2026-4881

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS5.8AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 8:49 a.m.27 views

CVE-2026-4881

Octopus Server is affected by CVE-2026-4881 due to permissions not being checked correctly in a specific API endpoint, allowing any authenticated user to perform server-level changes and receive an error. Affected software is Octopus Server; vulnerable component/behavior is the permission check i...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/23 7:58 p.m.7 views

CVE-2026-6235

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

9.8CVSS5.6AI score0.00578EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 5:51 p.m.1 views

CVE-2026-5756

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services COS allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services...

5.8AI score0.00329EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.8 views

PT-2026-29015

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash ...

6.8CVSS6.1AI score0.00216EPSS
Exploits1References5
OSV
OSV
added 2026/03/27 4:38 p.m.3 views

CVE-2025-15616 Wazuh Agent and Manager OS Command Injection and Untrusted Search Path

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...

7.1CVSS6.8AI score0.01625EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.12 views

PT-2026-28279

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...

7.1CVSS6.7AI score0.01625EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/16 8:44 p.m.11 views

File Browser Signup Grants Admin When Default Permissions Include Admin

Summary Any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the default user permissions have perm.admin = true. The signup handler blindly applies all default settings - including Perm.Admin - to the new user without any...

10CVSS6AI score0.00677EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25858

Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser, a file managing interface, has an issue where unauthenticated users can register as full administrators if self-registration is enabled signup = true and the default user...

10CVSS5.9AI score0.00677EPSS
Exploits1References14
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.9 views

FreeRDP 资源管理错误漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.22.0 contained a resource management vulnerability. This vulnerability stemmed from the ecamencodercompressh264 component’s reliance on server-controlled settings and th...

9.1CVSS7.4AI score0.00489EPSS
Exploits0References2
NVD
NVD
added 2026/02/08 1:16 a.m.5 views

CVE-2026-2120

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

8.6CVSS0.03916EPSS
Exploits1References5
OSV
OSV
added 2026/02/08 1:16 a.m.4 views

CVE-2026-2120

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

7.2CVSS5.6AI score0.03916EPSS
Exploits1References5
CVE
CVE
added 2026/02/08 12:32 a.m.17 views

CVE-2026-2120

CVE-2026-2120 affects D-Link DIR-823X 250416. The issue is an OS command injection in the Configuration Parameter Handler, triggered by manipulating arguments in /goform/set_server_settings (terminal_addr, server_ip, server_port). The attack can be remote and publicly available exploits exist. Af...

8.6CVSS6.8AI score0.03916EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/02/08 12:32 a.m.46 views

CVE-2026-2120 D-Link DIR-823X Configuration Parameter set_server_settings os command injection

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

8.6CVSS0.03916EPSS
Exploits1References5
Rows per page
Query Builder