Lucene search
K

1044 matches found

CVE
CVE
added yesterday6 views

CVE-2026-9140

CVE-2026-9140 describes a denial-of-service in 1719-AENTR devices caused by improper handling of a UDP unicast network storm, leading to device overload and loss of communication. Recovery requires a power cycle. The CVSS 4.0 score is 8.7 (HIGH); attack vector is NETWORK with no privileges or use...

8.7CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday38 views

Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion

A directory traversal vulnerability in the ZiMB Comment comzimbcomment component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1602 info: name: Joomla! Component...

7.5CVSS6.2AI score0.15695EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday35 views

WordPress Admin Word Count Column 2.2 - Local File Inclusion

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...

9.8CVSS7.1AI score0.21881EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday50 views

WordPress Videos sync PDF <=1.7.4 - Local File Inclusion

WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. id: CVE-2022-1392 info: name: WordPress Videos sync PDF =1.7.5 or apply the vendor-provided patch to mitigate the vulnerability. reference...

7.5CVSS7AI score0.1129EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday29 views

Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion

Razer Sila Gaming Router 2.0.441api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files. id: CVE-2022-29014 info: name: Razer Sila Gaming Router 2.0.441api-2.0.418 - Local File Inclusion author: edoardottt severity: high description: Razer Sila Gaming...

7.5CVSS7AI score0.10612EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday26 views

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

7.5CVSS6.2AI score0.14847EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday38 views

Joomla! Component JProject Manager 1.0 - Local File Inclusion

A directory traversal vulnerability in the Ternaria Informatica JProject Manager comjprojectmanager component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1469 inf...

6.8CVSS6.2AI score0.08163EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago63 views

Artica Web Proxy 4.30 - OS Command Injection

Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform. id: CVE-2020-17505 info: name: Artica Web Proxy 4.30 - OS Command Injection author: dwisiswant0...

9CVSS7.1AI score0.82165EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago87 views

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

7.5CVSS7.1AI score0.50734EPSS
Exploits4References4
Nuclei
Nuclei
added 2026/07/08 5:22 a.m.27 views

Open Web Analytics 1.7.3 - Remote Code Execution

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS7.2AI score0.99134EPSS
Exploits14References5
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

TencentOS Server 4: storm (TSSA-2026:0414)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0414 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS5.5AI score0.00286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-41081

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

6.5CVSS5.3AI score0.00286EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

3.5CVSS5.5AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.8 views

CVE-2026-35337

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...

8.8CVSS6.3AI score0.01011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2026-35565

Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

5.4CVSS5.2AI score0.00466EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 4:16 a.m.20 views

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

3.5CVSS0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 3:32 a.m.17 views

EUVD-2026-33549

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.9 views

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 3:32 a.m.14 views

CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 3:32 a.m.22 views

CVE-2026-48191

CVE-2026-48191 affects STORM modules in OTRS (versions 7.0.x, 8.0.x, 2023.x, 2024.x, 2025.x, and 2026.x prior to 2026.4.x). The vulnerability arises from incorrect handling of permissions in Document Search Article Meta Filters, enabling an attacker to learn the number of affected CIs, SLA and se...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder