Lucene search
K

15277 matches found

NVD
NVD
added 3 hours ago4 views

CVE-2026-56699

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-56699 Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago73 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. id: CVE-2021-40970 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.5AI score0.02204EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago3 views

NVIDIA Triton Inference Server <= 26.02 - Authentication Bypass

NVIDIA Triton Inference Server contains an authentication bypass vulnerability, letting attackers bypass authentication and potentially execute code, escalate privileges, tamper data, cause denial of service, or disclose information, exploit requires no special conditions. id: CVE-2026-24207 info...

9.8CVSS6.1AI score0.02166EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago16 views

ShortCode Addons - Unauthenticated Options Update

WordPress plugin Shortcode Addons = 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication. id: CVE-2022-34487 info: name: ShortCode Addons - Unauthenticated Options Update author:...

9.8CVSS6.3AI score0.02654EPSS
Exploits0References3
NVD
NVD
added 12 hours ago7 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS
Exploits0References1
CVE
CVE
added 13 hours ago11 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 13 hours ago6 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-50526

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-24226

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2026-24259

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.4CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-24229

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, dat...

7.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2026-47473

NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure...

7.4CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday18 views

CVE-2026-47471

NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service...

7.5CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2026-47472

NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service...

7.8CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday16 views

CVE-2026-47481

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...

6.5CVSS
Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-50526

CVE-2026-50526 describes an issue in .NET where improper link resolution before file access ("link following") can allow an authorized local attacker to tamper with files. Multiple sources document the same description and note a local attack vector with high impact on confidentiality, integrity,...

7CVSS6AI score
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57973

Time-of-check time-of-use toctou race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally...

6.3CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50495

Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally...

6.1CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-50328

Uncaught exception in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network...

7.5CVSS
Exploits0References1
Rows per page
Query Builder