Lucene search
K

4642 matches found

NVD
NVD
added yesterday4 views

CVE-2026-22103

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.0131EPSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-43314

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-15546

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...

6.5CVSS0.0105EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday22 views

CVE-2026-22103 Command injection in NPC start web endpoint

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.0131EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-22103

CVE-2026-22103 : The NPC start endpoint on the web server listening at port 8090 is vulnerable to command injection. The public CVSS v4.0 metrics indicate a base score of 9.3 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction. Impacts are...

9.3CVSS6.1AI score0.0131EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-15546

The CVE-2026-15546 entry describes a remote OS command injection in Shibby Tomato up to 1.28.0000. Affected component: start_jffs2, function sub_2D568. Exploitation involves manipulating the argument jffs2_exec; exploit is public and may be used for attacks. CVSS data indicate network access with...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
NVD
NVD
added 2 days ago6 views

CVE-2026-15480

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS0.00463EPSS
Exploits0References5
NVD
NVD
added 5 days ago8 views

CVE-2026-47840

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS0.00132EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42518

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS6AI score0.00132EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-47840

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS6AI score0.00132EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56709

Name of the Vulnerable Software and Affected Versions UAA versions prior to v78.13.0 Cf-deployment versions prior to v56.2.0 Description A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA. This allows the attack...

9.3CVSS6.1AI score0.00132EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42292

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

7.2CVSS6.2AI score0.0128EPSS
Exploits1References2
NVD
NVD
added 6 days ago8 views

CVE-2026-24700

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

7.2CVSS0.0128EPSS
Exploits1References1
NVD
NVD
added 6 days ago8 views

CVE-2026-24697

An OS command injection vulnerability exists in the startbonjour function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wanhostname configuration parameter is not properly sanitized, which could allow an authenticated remot...

7.2CVSS0.00957EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-56775 n8n - Incorrect OAuth Scope Validation in Evaluation Test Runs Endpoints

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...

5.4CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-56775

CVE-2026-56775 affects n8n prior to 1.123.55, 2.25.7, and 2.26.2. The issue is an authorization vulnerability in three mutating evaluation test-run endpoints that grant state-changing actions under the workflow:read scope instead of the action-appropriate workflow:execute scope. On systems using ...

5.4CVSS6AI score0.00176EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago7 views

CVE-2026-24697

Summary: CVE-2026-24697 is an OS command injection in the rc binary's start_bonjour() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The issue stems from improper sanitization of the wan_hostname configuration parameter, potentially allowing an authenticated re...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-24700

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

0.0128EPSS
Exploits1References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-24697

An OS command injection vulnerability exists in the startbonjour function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wanhostname configuration parameter is not properly sanitized, which could allow an authenticated remot...

0.00957EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-2006 Defining resource name as integer may give unintended access in vantage6

Impact Malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for...

5.4CVSS6.1AI score0.00402EPSS
Exploits0References9
Rows per page
Query Builder