Lucene search
K

228105 matches found

NVD
NVD
added 1 hour ago4 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS
Exploits1References3
NVD
NVD
added 1 hour ago3 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score
Exploits1References4
CVE
CVE
added 2 hours ago6 views

CVE-2026-23697

Vtiger CRM before 8.4.0 is vulnerable to an authenticated file upload RCE via the Documents module. An attacker with low privileges can upload a .phar file containing arbitrary PHP code, bypassing the extension denylist in config.inc.php (which omits .phar). The uploaded file is stored with its o...

8.8CVSS6.8AI score
Exploits1References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42055

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score
Exploits1References3
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score
Exploits1References3
Cvelist
Cvelist
added 2 hours ago8 views

CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 hours ago2 views

Malicious code in paperclip-host-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a7cf91b41f6980a21fe3a566b9f251bffaf8326222d7e34daeadcf864355768 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
NVD
NVD
added 2 hours ago4 views

CVE-2026-56811

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score
Exploits1References4
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score
Exploits1References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42054

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score
Exploits1References3
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS
Exploits1References3
CVE
CVE
added 2 hours ago5 views

CVE-2026-23698

Vtiger CRM up to 8.4.0 is affected by an authenticated remote code execution vulnerability in the admin ModuleManager import feature. A privileged administrator can upload a crafted ZIP archive which is extracted directly into the web root’s modules/ directory without proper file-type validation ...

8.6CVSS6.7AI score
Exploits1References3
OSV
OSV
added 3 hours ago4 views

MAL-2026-6933 Malicious code in hook-augmenting-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7dd3d1559806fb01191e25c3a162134fb2a28d468e533d6b580fbe7ad1bf821d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 hours ago2 views

Malicious code in hook-augmenting-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7dd3d1559806fb01191e25c3a162134fb2a28d468e533d6b580fbe7ad1bf821d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 hours ago2 views

GO-2026-5869 Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher

Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References6
OSV
OSV
added 3 hours ago2 views

GO-2026-5875 Rancher vulnerable to command injection through unsanitized YAML parameter in github.com/rancher/rancher

Rancher vulnerable to command injection through unsanitized YAML parameter in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

9.4CVSS5.9AI score0.01277EPSS
Exploits0References3
OSV
OSV
added 3 hours ago2 views

GO-2026-5893 Calico Inserts Sensitive Information into Log File in github.com/projectcalico/calicoctl

Calico Inserts Sensitive Information into Log File in github.com/projectcalico/calicoctl. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

7.2CVSS5.9AI score0.00224EPSS
Exploits0References9
OSV
OSV
added 3 hours ago2 views

GO-2026-5876 Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher

Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

9.4CVSS5.9AI score0.00319EPSS
Exploits0References4
Rows per page
Query Builder