Lucene search
K

276246 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/04 11:15 p.m.6 views

CVE-2019-25276

Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Rockwell Software\FactoryTalk...

8.5CVSS5.6AI score0.0019EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/04 11:15 p.m.31 views

CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path

Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Rockwell Software\FactoryTalk...

8.5CVSS0.0019EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/04 11:15 p.m.2 views

CVE-2019-25267 Wing FTP Server 6.0.7 - Unquoted Service Path

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launche...

8.5CVSS5.9AI score0.00222EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/04 9:21 p.m.3 views

CVE-2024-51451 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS5.6AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/02/04 9:18 p.m.11 views

CVE-2024-43181

IBM Concert Software versions 1.0.0–2.1.0 do not invalidate sessions after logout, enabling an authenticated user to impersonate another user. Red Hat and ENISA entries confirm this behavior across multiple feeds. Root cause: insufficient session invalidation on logout. Impact: potential account ...

6.3CVSS5.8AI score0.00225EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:32 p.m.5 views

CVE-2025-15555

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hssogsdiamcxmarcb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGSKEYLEN results in stack-based buffer overflow. The attack may be...

7.5CVSS5.9AI score0.00518EPSS
Exploits1References8
Snyk
Snyk
added 2026/02/04 6:41 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...

9.3CVSS5.4AI score0.00234EPSS
Exploits1References2
NVD
NVD
added 2026/02/04 6:16 p.m.9 views

CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...

9.1CVSS0.00317EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/04 6:16 p.m.5 views

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

8.8CVSS5.8AI score0.00264EPSS
Exploits0References3
OSV
OSV
added 2026/02/04 6:16 p.m.3 views

UBUNTU-CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...

6.5CVSS5.8AI score0.00373EPSS
Exploits0References5
OSV
OSV
added 2026/02/04 6:16 p.m.3 views

UBUNTU-CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...

9.1CVSS5.7AI score0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/04 6:12 p.m.6 views

EUVD-2026-5382

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8CVSS6AI score0.00178EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 5:16 p.m.6 views

DEBIAN-CVE-2026-23051

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

5.2AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 5:16 p.m.6 views

CVE-2026-20119

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...

7.5CVSS0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 5:15 p.m.5 views

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

6.5CVSS5.6AI score0.00264EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/04 5:15 p.m.4 views

CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...

4.3CVSS5.4AI score0.00373EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/04 4:27 p.m.2 views

CVE-2026-0660

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8CVSS6AI score0.00188EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/04 4:27 p.m.12 views

CVE-2026-0660

CVE-2026-0660 describes a vulnerability where a malicious GIF file, parsed by Autodesk 3ds Max, can trigger a Stack-Based Buffer Overflow, allowing arbitrary code execution in the context of the current process. Affected product: Autodesk 3ds Max (explicitly noted in connected Nessus/Red Hat/CVE ...

8.4CVSS6AI score0.00188EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/04 4:24 p.m.6 views

EUVD-2026-5428

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8CVSS6AI score0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/04 4:24 p.m.5 views

CVE-2026-0538 GIF File Parsing Out-of-Bounds Write

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

8.4CVSS6AI score0.00175EPSS
Exploits0References2
Rows per page
Query Builder