Lucene search
+L

369 matches found

NVD
NVD
added yesterday7 views

CVE-2026-15380

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-15380 Local privilege escalation in Symantec ITMS

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS0.00127EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-15380

CVE-2026-15380 : A non-admin interactive user can achieve full SYSTEM code execution via a DCOM/task scheduler logic chain in Symantec ITMS. No network access or memory corruption required. Connected records confirm the vulnerability and impact as stated; no explicit exploit details, mitigations,...

5.1CVSS6.2AI score0.00127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-15380

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS6.1AI score0.00127EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45153

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS6.1AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.13 views

XXL-JOB 安全漏洞

XXL-JOB is a distributed task scheduling platform developed by xuxueli. Versions of XXL-JOB 3.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from improper control of resource identifiers due to the parameter logId in the function logDetailCat of the Execution Log...

6.3CVSS5.8AI score0.00418EPSS
Exploits0References1
Trellix
Trellix
added 2026/04/20 12:0 a.m.12 views

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing By Prashanth A N and Mallikarjun Wali · April 20, 2026 PureRAT is an advanced remote access trojan RAT characterized by its complex infection stages. The intrusion sequence is initiated by a malicious .LNK fi...

6.3AI score
Exploits0
OSV
OSV
added 2026/04/15 6:37 p.m.9 views

MAL-2026-2884 Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

5.9AI score
Exploits0References2
CVE
CVE
added 2026/03/26 8:34 p.m.16 views

CVE-2026-33619

PinchTab v0.8.3 exposes an unauthenticated blind SSRF via the scheduler’s webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the scheduler issues an outbound POST to that URL at terminal state. The webhook path only validated the URL scheme, failing...

5.5CVSS5.8AI score0.00249EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/26 8:33 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the callbackUrl parameter in the Task Scheduler process. An attacker can cause the server to make arbitrary HTTP requests to external or internal systems by supplying a crafted URL. Remediation Upgra...

5.5CVSS6AI score0.00249EPSS
Exploits1References3
OSV
OSV
added 2026/03/26 8:33 p.m.9 views

GO-2026-4825 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl in github.com/pinchtab/pinchtab

PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl in github.com/pinchtab/pinchtab...

5.5CVSS5.9AI score0.00249EPSS
Exploits1References3
OSV
OSV
added 2026/03/24 7:32 p.m.3 views

GHSA-XQQ2-4J46-VWP7 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

Summary PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3 scheduler sends an outbound HTTP POST to that URL when the task reaches a terminal state. ...

4.1CVSS5.9AI score0.00249EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/24 7:32 p.m.14 views

PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

Summary PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3 scheduler sends an outbound HTTP POST to that URL when the task reaches a terminal state. ...

5.5CVSS5.9AI score0.00249EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/25 4:7 a.m.11 views

CVE-2026-3064

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

8.8CVSS5.2AI score0.19135EPSS
Exploits1References1
NVD
NVD
added 2026/02/24 3:16 a.m.14 views

CVE-2026-3064

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

8.8CVSS0.19135EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/24 2:32 a.m.7 views

CVE-2026-3064

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

6.5CVSS5.2AI score0.19135EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/24 2:32 a.m.10 views

EUVD-2026-7404

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

8.8CVSS5.2AI score0.19135EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/24 2:32 a.m.32 views

CVE-2026-3064 HummerRisk Cloud Task Scheduler ResourceCreateService.java command injection

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

6.5CVSS0.19135EPSS
Exploits1References4
CVE
CVE
added 2026/02/24 2:32 a.m.30 views

CVE-2026-3064

CVE-2026-3064 affects HummerRisk up to 1.5.0, specifically the ResourceCreateService.java component of Cloud Task Scheduler. The issue arises from manipulating the argument regionId, enabling command injection. Impact is described as remote exploitation with high confidentiality, integrity, and a...

8.8CVSS6.4AI score0.19135EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/24 2:32 a.m.9 views

CVE-2026-3064 HummerRisk Cloud Task Scheduler ResourceCreateService.java command injection

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

5.3CVSS6.1AI score0.19135EPSS
Exploits1References6
Rows per page
Query Builder