Lucene search
K

6242 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-48364

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Sco...

8.2CVSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-48363 ColdFusion | Uncontrolled Search Path Element (CWE-427)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Sco...

8.2CVSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-48363

CVE-2026-48363 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). The issue...

8.2CVSS6.5AI score
Exploits0References1Affected Software1
CVE
CVE
added 2 days ago24 views

CVE-2026-48364

CVE-2026-48364 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file); the impact is ...

8.2CVSS6.5AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-48364 ColdFusion | Uncontrolled Search Path Element (CWE-427)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Sco...

8.2CVSS
Exploits0References1
CVE
CVE
added 2 days ago16 views

CVE-2026-15515

The CVE-2026-15515 entry concerns Tencent PC Manager (version 18.1.30242.301) and its QMUDisk Driver component, specifically the qmudisk64.sys library. The vulnerability is described as an uncontrolled search path issue in the QMUDisk Driver, exploitable only via a local attack. The description n...

7.3CVSS6.3AI score0.00116EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2 days ago5 views

Progress MOVEit Transfer 2023.0.x / 2023.1.x < 2023.1.16 / 2024.0.x / 2024.1.x < 2024.1.7 / 2025.0.x < 2025.0.3 Uncontrolled Resource Consumption (October 2025)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by an uncontrolled resource consumption vulnerability as referenced in Progress Community article 000291424. - Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfe...

8.2CVSS7.2AI score0.00466EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42638

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 6 days ago24 views

CVE-2026-15308

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56871

Name of the Vulnerable Software and Affected Versions CPython affected versions not specified Description The incremental HTML parser html.parser.HTMLParser contains an issue that allows for CPU denial-of-service when processing uncontrolled data. The root cause is improper input handling that...

8.7CVSS6AI score0.00553EPSS
Exploits0References22
Cvelist
Cvelist
added last week34 views

CVE-2026-56437

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS0.00134EPSS
Exploits0References2
EUVD
EUVD
added last week7 views

EUVD-2026-42165

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS6.1AI score0.00134EPSS
Exploits0References2
CVE
CVE
added last week8 views

CVE-2026-56437

The CVE-2026-56437 issue affects Pupsman versions prior to 3.9.0. An Uncontrolled search path element allows arbitrary code execution with SYSTEM privileges if a crafted DLL is placed in the same folder as the affected installer and the installer is executed. No exploitation details or fixes are ...

8.4CVSS7.2AI score0.00134EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 4:2 p.m.5 views

PYSEC-2026-1477 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Impact On Windows, the shared %PROGRAMDATA% directory is searched for configuration files SYSTEMCONFIGPATH and SYSTEMJUPYTERPATH, which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected %PROGRAMDATA% are affected...

7.3CVSS7.1AI score0.00154EPSS
Exploits0References6
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-24012

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS0.00546EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 5:48 a.m.4 views

BIT-ELASTICSEARCH-2026-56148 Uncontrolled Recursion in Elasticsearch Leading to Denial of Service

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS6AI score0.00347EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/02 10:12 a.m.17 views

CVE-2026-44740

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

7.5CVSS6AI score0.00295EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 12:0 a.m.13 views

CVE-2026-38970

The provided data confirms a concrete vulnerability in pdfcpu

7.5CVSS5.8AI score0.00451EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS0.00347EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 5:16 p.m.5 views

UBUNTU-CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References3
Rows per page
Query Builder