Lucene search
K

97 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

Tridium Niagara Use of a Broken or Risky Cryptographic Algorithm (CVE-2025-3938)

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before...

9.8CVSS7.6AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:18 p.m.3 views

Improper Enforcement of Behavioral Workflow

Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow through the improper handling of recovery codes in app-based multi-factor authentication...

9.1CVSS5.9AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:57 p.m.23 views

CVE-2026-50267 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/14 8:45 p.m.24 views

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS0.01966EPSS
Exploits0References6
CVE
CVE
added 2026/06/12 8:56 a.m.34 views

CVE-2026-50628

CVE-2026-50628 concerns Apache CXF’s OAuthRequestFilter, where a logic error creates an inverted IP binding check: legitimate requests from the bound IP are rejected while requests from other IPs are allowed. Red Hat’s advisory attributes this to the OAuthRequestFilter component of CXF and notes ...

9.8CVSS5.3AI score0.00629EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/07 3:0 a.m.11 views

EUVD-2026-34982

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS7.2AI score0.02027EPSS
Exploits1References5
CVE
CVE
added 2026/06/07 2:30 a.m.24 views

CVE-2026-11450

GL.iNet GL-MT3000 firmware 4.4.5 contains a command injection in the Path Normalization Handler via dlopen in /usr/lib/oui-httpd/rpc/ when processing the dev_name argument. This can be triggered remotely over the network. Upgrading to version 4.7 mitigates the issue by enabling method-level valid...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/07 2:30 a.m.6 views

CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS5.4AI score0.01572EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/06/07 2:0 a.m.11 views

EUVD-2026-34979

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References5
CVE
CVE
added 2026/06/07 1:15 a.m.24 views

CVE-2026-11447

Summary: CVE-2026-11447 affects GL.iNet GL-MT3000 (firmware up to 4.4.5), specifically the MTK Backend component’s file iwinfo.so and the function iwinfo_backend. By manipulating the device argument, an attacker can trigger a remote command injection , with exploitation reportedly public. The iss...

6.5CVSS6.2AI score0.01073EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.21 views

PT-2026-47169

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.17 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References6
Snyk
Snyk
added 2026/06/05 9:15 p.m.6 views

Untrusted Search Path

Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDialect, which is included in the public schema. A low-privileged user can elevate privileges ...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
CVE
CVE
added 2026/06/05 7:7 p.m.98 views

CVE-2026-11400

CVE-2026-11400 describes an untrusted search path vulnerability in the GlobalDatabasePlugin of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL. A remote authenticated low-privilege actor can escalate privileges to another Amazon RDS user, including rds_superuser, by creating a crafted ...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.9 views

PT-2026-42405

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.0 through 4.4.2 Description An SQL injection in the MySQL CNID backend allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service. SQL injection is a type of fl...

9.9CVSS5.9AI score0.00477EPSS
Exploits0References22
EUVD
EUVD
added 2026/05/18 5:35 p.m.9 views

EUVD-2026-29441

multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/14 9:22 p.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

6.9CVSS5.7AI score0.0043EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-39997

Name of the Vulnerable Software and Affected Versions multiparty versions 4.2.3 and earlier Description A denial of service occurs when a multipart/form-data request is sent with a field name that collides with an inherited Object.prototype property, such as proto , constructor, or toString. This...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References8
Snyk
Snyk
added 2026/05/04 8:11 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the addWebhookAuthorization function. An attacker can cause excessive memory allocation by sending a large request body to the publicly accessible /api/v1/events/ endpoint,...

8.2CVSS5.8AI score0.00607EPSS
Exploits1References2
Rows per page
Query Builder