Lucene search
K

142 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 11:7 p.m.11 views

CVE-2026-13054

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1...

8.6CVSS5.9AI score0.00459EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 11:59 a.m.22 views

CVE-2026-53908

CVE-2026-53908 affects MCO. The vulnerability enables user enumeration via authentication-related functions: username reminder and password reset responses differ for valid vs invalid users, allowing an attacker to discover valid usernames and email addresses. Vulnerable context: confirmed in ver...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/29 10:53 p.m.3 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...

8.7CVSS6.2AI score0.00484EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-427 Modular Max Serve has Unsafe Deserialization vulnerability

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...

9.3CVSS6.3AI score0.00297EPSS
Exploits1References10
OSV
OSV
added 2026/06/17 4:23 p.m.7 views

MINI-6MGR-V25C-G9MM

Bulletin has no description...

5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.19 views

CVE-2026-46400

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

8.7CVSS5.9AI score0.00387EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/05 7:18 p.m.8 views

GHSA-Q4WQ-4WHJ-CXHX vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/05 7:18 p.m.8 views

CVE-2025-10911 vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...

5.5CVSS6.3AI score0.00161EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/05 7:18 p.m.9 views

GHSA-75HH-423H-RVWG vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/05 7:18 p.m.13 views

CVE-2026-34268 vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...

2.9CVSS6.5AI score0.00122EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/05 7:18 p.m.12 views

GHSA-5FXQ-F64V-57FQ vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/05 7:18 p.m.9 views

GHSA-99RJ-3595-5FRJ vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9, openjdk-11-openj9...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2026/06/05 7:15 p.m.32 views

CVE-2026-46400 HAXCMS PHP has a File Upload Validation Bypass

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

8.7CVSS0.00387EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 7:16 p.m.11 views

CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

5.4CVSS0.003EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Seagate openSeaChest 安全漏洞

Seagate openSeaChest is a set of cross-platform storage device management tools developed by Seagate Corporation. The version of Seagate openSeaChest v25.05.3 contains a security vulnerability. This vulnerability stems from out-of-bounds writing and reading operations during the --showSCSIDefects...

1.8CVSS5.3AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 5:19 p.m.22 views

CVE-2026-34643

CVE-2026-34643 affects Adobe After Effects versions 26.0, 25.6.4 and earlier with an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The entry provides CVSS ...

7.8CVSS6.3AI score0.00148EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/03 4:45 p.m.36 views

EUVD-2026-26842

A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3...

5.3CVSS5.2AI score0.00381EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/03 4:15 p.m.45 views

CVE-2026-7703 AV Stumpfl Pixera Two Media Server Websocket API code injection

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

7.5CVSS0.00311EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

AV Stumpfl Pixera Two Media Server 路径遍历漏洞

The AV Stumpfl Pixera Two Media Server is a professional media server system developed by the Austrian company AV Stumpfl. Versions of the AV Stumpfl Pixera Two Media Server 25.1 R2 and earlier contained a path traversal vulnerability. This vulnerability originated from an unknown function in the...

5.3CVSS5.8AI score0.00381EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/24 6:29 p.m.54 views

CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS0.02187EPSS
Exploits1References2
Rows per page
Query Builder