Lucene search
K

19 matches found

NVD
NVD
added yesterday4 views

CVE-2026-22103

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.0131EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-22103

CVE-2026-22103 : The NPC start endpoint on the web server listening at port 8090 is vulnerable to command injection. The public CVSS v4.0 metrics indicate a base score of 9.3 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction. Impacts are...

9.3CVSS6.1AI score0.0131EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-22103 Command injection in NPC start web endpoint

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.0131EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 11:53 a.m.9 views

EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 3:49 p.m.9 views

EUVD-2026-37904

Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and...

6.9CVSS5.3AI score0.00301EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 3:49 p.m.18 views

CVE-2026-55205

Hermes WebUI prior to 0.51.468 is affected by a resource-exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint. The issue allows unbounded accumulation of in-memory flow state and daemon threads, enabling repeated or concurrent requests to exhaust server memory...

6.9CVSS5.3AI score0.00301EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.15 views

CVE-2026-12219

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 4:30 a.m.15 views

EUVD-2026-36692

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/26 2:47 p.m.151 views

Exploit for CVE-2026-47668

CVE-2026-47668 DbGate Unauthenticated Remote Code Execution...

6.7AI score0.00336EPSS
Exploits1
CVE
CVE
added 2026/05/18 6:51 a.m.21 views

CVE-2026-2325

CVE-2026-2325 affects Mattermost versions 11.5.x up to 11.5.1, 10.11.x up to 10.11.13, and 11.4.x up to 11.4.3. The issue is an improper input validation where the start meeting API endpoint (/api/v1/meetings) does not limit the request body size, enabling an authenticated attacker to cause resou...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/27 4:16 p.m.6 views

CVE-2026-30352

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

9.8CVSS0.00515EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/27 12:0 a.m.33 views

CVE-2026-30352

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

0.00515EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 12:0 a.m.3 views

CVE-2026-30352

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

9.8CVSS6.8AI score0.00515EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.8 views

PT-2026-35440

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

9.8CVSS6.8AI score0.00515EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 12:0 a.m.4 views

CVE-2026-30352

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

6.8AI score0.00515EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 12:0 a.m.6 views

EUVD-2026-25863

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

9.8CVSS6.8AI score0.00515EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/19 7:25 p.m.7 views

Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG

The fix for CVE-2026-27598 commit e2ed589, PR 1691 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE, RENAME, EXECUTE - all pass the fileName URL path parameter to locateDAG without...

8.1CVSS6AI score0.00571EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.4 views

PT-2023-27543 · Openknowledgemaps · Openknowledgemaps Head Start

Name of the Vulnerable Software and Affected Versions: OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 Visual Project Explorer version 1.0 Description: A reflected cross-site scripting XSS issue allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieve...

6.1CVSS6.1AI score0.00512EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2018/01/19 12:0 a.m.8 views

PT-2018-5358 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum version affected versions not specified Description: An improper authorization issue exists in the miner start API endpoint of cpp-ethereum's JSON-RPC. This allows a JSON request to access restricted functionality, resulting in...

8.1CVSS4.3AI score0.01361EPSS
Exploits2References3
Rows per page
Query Builder