Lucene search
K

447 matches found

NVD
NVD
added 2026/03/10 6:18 p.m.4 views

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

6.5CVSS0.00535EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 4:44 p.m.4 views

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

6.5CVSS5.8AI score0.00535EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/10 4:44 p.m.26 views

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

6.5CVSS0.00535EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 4:44 p.m.3 views

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests...

7.2CVSS5.9AI score0.0176EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 4:44 p.m.2 views

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests...

7.2CVSS5.9AI score0.0176EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 4:44 p.m.13 views

CVE-2026-25836

FortiSandbox Cloud 5.0.4 is affected by an OS command injection vulnerability. A privileged attacker with super-admin profile and CLI access can craft HTTP requests to execute arbitrary commands on the system. The CVSSv3.1 base score is 7.2 (HIGH) with network access, low attack complexity, and h...

7.2CVSS6AI score0.0176EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/10 4:44 p.m.28 views

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...

7.2CVSS0.0176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24248

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox Cloud version 5.0.4 Description The system contains a flaw due to improper neutralization of special elements used in an operating system command, specifically an 'os command injection' issue. Successful exploitation may...

9CVSS6AI score0.0176EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24247

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

6.5CVSS5.8AI score0.00535EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 5:27 p.m.5 views

EUVD-2026-10160

Netmaker has Privilege Escalation from Admin to Super-Admin via User Update...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/09 5:27 p.m.8 views

Netmaker has Privilege Escalation from Admin to Super-Admin via User Update

The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/09 5:27 p.m.4 views

GHSA-CH3W-9456-38V3 Netmaker has Privilege Escalation from Admin to Super-Admin via User Update

The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...

6.9CVSS5.9AI score0.0023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.4 views

CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 7:31 p.m.5 views

CVE-2025-15602

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 5:15 p.m.6 views

CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 4:14 p.m.0 views

CVE-2026-29195 Netmaker: Privilege Escalation from Admin to Super-Admin via User Update

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:14 p.m.1 views

CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/07 4:14 p.m.13 views

CVE-2026-29195

This CVE concerns Netmaker (WireGuard-based) where, prior to v1.5.0, the PUT /api/users/{username} handler failed to validate attempts by an admin to assign super-admin during user updates. The result could allow an admin-user to elevate to super-admin, since the check to prevent super-admin assi...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.10 views

Gravitl Netmaker 安全漏洞

Gravitl Netmaker is a platform developed by the American company Gravitl, which uses WireGuard to create and manage fast, secure, and dynamic virtual overlay networks. It is used to create and control automated virtual networks. Versions of Gravitl Netmaker prior to 1.5.0 contained security...

6.9CVSS7.3AI score0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.8 views

PT-2026-23870

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 1.5.0 Description Netmaker, which utilizes WireGuard, has an issue where the user update handler does not properly validate role assignments. Specifically, an administrator-role user can assign the super-admin role t...

9.9CVSS5.8AI score0.22162EPSS
Exploits69References140
Rows per page
Query Builder