Lucene search
K

832 matches found

Cvelist
Cvelist
added 2026/03/02 8:39 a.m.28 views

CVE-2026-20424

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540...

0.00073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.6 views

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

8.8CVSS6AI score0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 2:48 a.m.13 views

CVE-2026-27629

InvenTree CVE-2026-27629 is a Server-Side Template Injection (SSTI) in PART_NAME_FORMAT prior to 1.2.3. A staff member with settings access could modify a jinja2 template used during batch code generation; after validation, this template could be used by other users to exfiltrate data or execute ...

8.8CVSS6AI score0.00259EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 2:48 a.m.4 views

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

5.9CVSS6AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/25 2:48 a.m.12 views

EUVD-2026-8602

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

5.9CVSS6AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.6 views

CVE-2026-2038

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS5.2AI score0.0065EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 11:16 p.m.13 views

CVE-2026-2036

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.01075EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 11:16 p.m.12 views

CVE-2026-2039

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS0.00673EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 10:13 p.m.4 views

CVE-2026-2036

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.7AI score0.01075EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/19 11:15 a.m.10 views

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

9.8CVSS6AI score0.00441EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.9 views

PT-2026-8219

Name of the Vulnerable Software and Affected Versions SilverFox affected versions not specified Description A proof of concept has been published demonstrating exploitation in the wild. The Silverfox Group is actively exploiting this issue to terminate antivirus processes. The vulnerable driver i...

5.5CVSS5.4AI score0.00203EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.9 views

CVE-2026-24466

Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4CVSS6AI score0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.8 views

PT-2026-7075

Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4CVSS6AI score0.00137EPSS
Exploits0References6
NVD
NVD
added 2026/02/05 5:16 p.m.32 views

CVE-2020-37129

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8CVSS0.00338EPSS
Exploits0References3
NVD
NVD
added 2026/02/05 12:15 a.m.7 views

CVE-2019-25285

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...

8.5CVSS0.00161EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.23 views

SysFuSS: System-Level Firmware Fuzzing with Selective Symbolic Execution

Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach for identifying design flaws and security vulnerabilities,...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/31 6:52 a.m.197 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

SCTT-2026-33-0002: DWM Visual-Field Singularity 📡 Theoret...

7.8CVSS5.9AI score0.05028EPSS
Exploits5
Cvelist
Cvelist
added 2026/01/27 6:51 p.m.24 views

CVE-2020-36980 SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path

SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling...

8.5CVSS0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:51 p.m.4 views

CVE-2020-36980

SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling...

8.5CVSS6.1AI score0.0013EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/01/16 7:16 p.m.3 views

CVE-2021-47822

DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level...

8.5CVSS0.0015EPSS
Exploits0References3
Rows per page
Query Builder