Lucene search
K

6196 matches found

Cvelist
Cvelist
added 2026/05/12 4:58 p.m.35 views

CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability

...

8CVSS0.01977EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 8:56 a.m.6 views

BIT-PHP-MIN-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:20 a.m.11 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS5.9AI score0.00286EPSS
Exploits0References2
ICS
ICS
added 2026/05/12 12:0 a.m.15 views

Siemens SENTRON 7KT PAC1261 Data Manager

SUMMARY The web server in SENTRON 7KT PAC1261 Data Manager Before V2.1.0 contains a request smuggling vulnerability in the Go Project's net/http package that could allow an attacker to retrieve authorization tokens that can be used to gain administrative control over the device. Siemens has...

9.1CVSS6.7AI score0.00778EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/05/11 6:41 a.m.147 views

Exploiting-RCC

Exploiting open ports in RCC Service Having all RCC ports ope...

6.4AI score
Exploits0
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...

6.1CVSS5.9AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...

6.1CVSS5.9AI score0.00236EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.14 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017753 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...

4.9CVSS6.7AI score0.01188EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.22 views

PT-2026-39708

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view task aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE BASE URL...

6.1AI score0.01008EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017439)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017439 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

7.1CVSS6.7AI score0.02192EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.8 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

6.1AI score0.01008EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017722)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017722 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

6.8CVSS6.8AI score0.02293EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 10:52 p.m.11 views

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/08 10:38 p.m.7 views

GHSA-9PGH-J74G-QJ6M Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal

CONFIDENTIAL KL-CAN-2024-002 Vulnerability Details | | Field | Value | |---|-------|-------| | 1 | Discoverer | Jaggar Henry & Sean Segreti of KoreLogic, Inc. | | 2 | Date Submitted | 2024.03.12 | | 3 | Title | Open WebUI Arbitrary File Upload + Path Traversal | | 5 | Affected Vendor | Open WebUI...

7.3CVSS6.2AI score0.00336EPSS
Exploits1References3
NVD
NVD
added 2026/05/08 2:16 p.m.17 views

CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5CVSS0.00388EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 12:0 a.m.56 views

CVE-2024-45257

CVE-2024-45257 concerns BYOB (Build Your Own Botnet) 2.0. A command injection vulnerability exists on the payload build page, exploitable via a crafted build parameter that triggers arbitrary command execution on the server (root cause in core/generators.py). Public materials (including Metasploi...

7.3CVSS6.1AI score0.03891EPSS
Exploits3References3
OSV
OSV
added 2026/05/07 11:51 a.m.15 views

BIT-VALKEY-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

8.8CVSS6.1AI score0.01286EPSS
Exploits4References11
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.8 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

8.1CVSS5.8AI score0.0022EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38343

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.2.7 Description An authenticated user can cause a denial of service by crashing the mongod process. This occurs when running $rankFusion or $scoreFusion with an empty pipeline on a view. During view resolutio...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from the incorrect matching of usernames containing the NUL character with truncated username...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References1
Rows per page
Query Builder