Lucene search
K

161 matches found

Cvelist
Cvelist
added 2026/07/06 8:12 a.m.29 views

CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 1:3 p.m.7 views

EUVD-2026-40320

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

8.7CVSS5.8AI score0.0044EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 12:58 p.m.25 views

CVE-2026-10817

CVE-2026-10817 is an “insufficient input validation leading to memory overread” affecting Citrix NetScaler ADC and NetScaler Gateway when TCP TimeStamp is enabled in the TCP profile and attached to a virtual server (LB, CS, VPN) or the service. Public sources consistently describe the root cause ...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/06/19 2:16 p.m.12 views

CVE-2019-25747

Network Inventory Advisor 5.0.26.0 is affected by an unquoted binary path in the niaservice service, enabling local privilege escalation. An attacker could place a malicious executable in an intermediate directory and trigger code execution with LocalSystem privileges when the service starts or r...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/19 2:16 p.m.5 views

CVE-2019-25747 Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/05/15 7:17 p.m.17 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.35 views

CVE-2026-45009 phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.10 views

PT-2026-41356

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/21 6:16 p.m.5 views

CVE-2026-5789

A flaw was found in CivetWeb. This vulnerability, related to an unquoted search path, allows a local attacker to execute arbitrary code with elevated privileges. By placing a malicious executable in a directory that is scanned before the legitimate CivetWeb application path, an attacker can explo...

8.5CVSS6.1AI score0.00139EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 3:32 p.m.6 views

EUVD-2026-24138

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

8.5CVSS6.1AI score0.00139EPSS
Exploits0References2
CVE
CVE
added 2026/04/21 2:22 p.m.24 views

CVE-2026-5789

CVE-2026-5789 affects CivetWeb v1.16. The root cause is an unquoted search path in the service configuration, allowing a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory scanned before the application path (e.g., C:\Program Files\C...

8.5CVSS6.1AI score0.00139EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:22 p.m.7 views

CVE-2026-5789

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

8.5CVSS6.1AI score0.00139EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/21 2:22 p.m.6 views

CVE-2026-5789

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

8.5CVSS5.9AI score0.00139EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/21 2:22 p.m.39 views

CVE-2026-5789 Search path without quotes in CivetWeb

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

8.5CVSS0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.11 views

PT-2026-33989

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:Program FilesCivetWebCivetWeb.e...

8.5CVSS6.1AI score0.00139EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/12 6:30 a.m.8 views

EUVD-2026-21702

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack...

10CVSS5.6AI score0.01803EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.5 views

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

8.8CVSS6AI score0.00447EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 6:16 p.m.4 views

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

8.8CVSS0.00447EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/27 2:27 p.m.12 views

CVE-2021-27032

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissio...

7.8CVSS7.2AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28284

Name of the Vulnerable Software and Affected Versions Small HTTP Server version 3.06.36 Description The issue involves an unquoted service path in Small HTTP Server. Specifically, the vulnerability affects the executable located at 'C:Program Files x86shttps mghttp.exe service'. This...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References4
Rows per page
Query Builder