Lucene search
K

1591 matches found

Circl
Circl
added 2026/06/30 10:0 a.m.9 views

CVE-UNASSIGNED-2022-HIKVISION-MANAGEMENT-PLATFORM-RCE-01

creationtimestamp| type| source ---|---|--- 2026-06-30 10:00:36+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/98553c66-c0b0-453f-8325-37efb35aaa5b...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/06/30 10:0 a.m.7 views

CVE-UNASSIGNED-2022-RUIJIE-RCE-01

creationtimestamp| type| source ---|---|--- 2026-06-30 10:00:32+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bc64bc47-5865-48a1-ab28-b41f86f52766...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/06/30 9:59 a.m.13 views

CVE-UNASSIGNED-2020-SAMSUNG-WLAN-AP-RCE-01

creationtimestamp| type| source ---|---|--- 2026-06-30 09:59:18+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/38da8f85-bb02-4be1-85fb-378e980285c8...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/06/30 9:39 a.m.10 views

CVE-UNASSIGNED-2020-ZYXEL-CPE-COMMAND-INJECTION-RCE-01

creationtimestamp| type| source ---|---|--- 2026-06-30 09:39:37+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7a5b5786-b418-4a38-b09b-03ba93dca08c...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.14 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.4AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-44776

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS5.2AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 9:8 p.m.35 views

CVE-2026-42547 IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 9:8 p.m.9 views

CVE-2026-42547 IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.4AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 9:8 p.m.10 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.8AI score0.00174EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/04 9:8 p.m.12 views

EUVD-2026-34330

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.8AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46391

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.8AI score0.00174EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities. These vulnerabilities stemmed from the ability to create alerts for unassigned customers, which could be...

5.4CVSS5.2AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 6:50 p.m.48 views

CVE-2026-43510 CISA manage.get.gov insecure portfolio administrative privileges

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30...

5.9CVSS0.00398EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/07 6:50 p.m.9 views

CVE-2026-43510 CISA manage.get.gov insecure portfolio administrative privileges

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30...

5.9CVSS5.8AI score0.00398EPSS
Exploits0References7
CVE
CVE
added 2026/05/07 6:50 p.m.20 views

CVE-2026-43510

CVE-2026-43510 concerns the get.gov management tool used by CISA as the .gov TLD registrar. Multiple sources confirm a vulnerability where an organization administrator could assign domain manager privileges for domains that are not already in another organization, enabling an improper privilege ...

5.9CVSS5.8AI score0.00398EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/24 5:2 p.m.4 views

CVE-2026-31546

A flaw was found in the Linux kernel's networking bonding driver. This vulnerability occurs when the bonddebugrlbhashshow function attempts to access a network interface that has been unassigned, leading to a NULL pointer dereference. A local attacker with appropriate permissions could exploit th...

5.5CVSS5.3AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.5 views

CVE-2026-27954

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

7.1CVSS5.3AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 1:42 a.m.6 views

EUVD-2026-8815

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

7.1CVSS5.4AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 1:42 a.m.5 views

CVE-2026-27954 LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

7.1CVSS5.9AI score0.0019EPSS
Exploits0References3
Rows per page
Query Builder