Lucene search
+L

1059 matches found

CVE
CVE
added 2026/01/15 4:27 p.m.19 views

CVE-2026-22265

Roxy-WI CVE-2026-22265 describes a command-injection vulnerability in the log viewing functionality. The flaw exists in app/modules/roxywi/logs.py, line 87, where the grep parameter is used both sanitized and in raw form, enabling authenticated users to execute arbitrary system commands. Affected...

7.5CVSS7.5AI score0.02117EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/15 4:27 p.m.8 views

CVE-2026-22265 Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

7.5CVSS7.8AI score0.02117EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/15 7:23 a.m.8 views

CVE-2025-68492

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

4.2CVSS6.8AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.8 views

Roxy-WI operating system command injection vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.8.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the log viewing feature’s ability to allow command...

7.5CVSS6AI score0.02117EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.10 views

PT-2026-3072

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

7.5CVSS7.9AI score0.02117EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/01/14 8:3 a.m.8 views

Chainlit vulnerable to improper access restriction

Overview Chainlit provided by Chainlit contains the following vulnerability. Authorization bypass through user-controlled key CWE-639 - CVE-2025-68492 Shotaro Kimura of NRI SecureTechnologies, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

4.2CVSS6.6AI score0.00217EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/14 6:27 a.m.29 views

CVE-2025-68492

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

4.2CVSS0.00217EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.7 views

CVE-2021-41584

Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response information disclosure of possibly sensitive build/configuration details via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...

7.5CVSS6.7AI score0.01309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.8 views

CVE-2023-49115

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users...

7.5CVSS7.2AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:38 a.m.5 views

CVE-2026-21684

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS6.8AI score0.00243EPSS
Exploits1References1
NVD
NVD
added 2026/01/07 10:15 p.m.9 views

CVE-2026-21684

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS0.00243EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/07 9:18 p.m.7 views

EUVD-2026-1394

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS6.3AI score0.00243EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/07 9:18 p.m.24 views

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS0.00243EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/07 9:18 p.m.5 views

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS6.4AI score0.00243EPSS
Exploits1References3
CVE
CVE
added 2026/01/07 9:18 p.m.20 views

CVE-2026-21684

iccDEV is affected in versions prior to 2.3.1.2, where Undefined Behavior occurs in CIccTagSpectralViewingConditions(). A patch is available in version 2.3.1.2. The vulnerability affects users processing ICC color profiles with iccDEV. No explicit exploitation details or in-the-wild activity are ...

7.1CVSS6.4AI score0.00243EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/07 9:18 p.m.6 views

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS6.7AI score0.00243EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

iccDEV 安全漏洞

iccDEV is an open source color configuration codebase from the International Color Consortium. A security vulnerability exists in iccDEV versions prior to 2.3.1.2 that stems from undefined behavior in the CIccTagSpectralViewingConditions function...

7.1CVSS6.5AI score0.00243EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.14 views

PT-2026-2081

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 exhibit Undefined Behavior within the...

7.1CVSS6.6AI score0.00243EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.4 views

CVE-2018-25139 FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage...

8.7CVSS6.7AI score0.00447EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.12 views

PT-2025-51322

Name of the Vulnerable Software and Affected Versions Misskey versions 13.0.0-beta.16 through 2025.12.0 Description Misskey is a federated social media platform. Users without the necessary permissions to view favorites or clips could export posts and access their contents. Recommendations Update...

7.1CVSS6.4AI score0.00274EPSS
Exploits1References7
Rows per page
Query Builder