Lucene search
K

4482 matches found

Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27500

NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of...

6.8CVSS5.8AI score0.00251EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/17 5:19 p.m.3 views

CVE-2026-32296 Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

8.8CVSS5.8AI score0.00504EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/17 5:19 p.m.2 views

CVE-2026-32296

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

8.8CVSS5.8AI score0.00504EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/17 5:19 p.m.3 views

CVE-2026-32293 GL-iNet Comet (GL-RM1) KVM insufficient certificate validation

The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...

6.3CVSS5.7AI score0.00332EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/17 5:19 p.m.23 views

CVE-2026-32293 GL-iNet Comet (GL-RM1) KVM insufficient certificate validation

The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...

6.3CVSS0.00332EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/17 5:18 p.m.2 views

CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting

The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...

9.3CVSS5.8AI score0.0053EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.13 views

PT-2026-25918

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

8.8CVSS5.8AI score0.00504EPSS
Exploits0References10
OSV
OSV
added 2026/03/12 8:57 p.m.5 views

GO-2026-4677 Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm

Cosmos EVM: incorrect state handling during nested EVM execution paths in github.com/cosmos/evm...

5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11251

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...

8.4CVSS5.8AI score0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 6:3 p.m.28 views

CVE-2026-0231 Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...

8.4CVSS0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10688

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00439EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 6:31 p.m.6 views

EUVD-2026-10687

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00439EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 6:18 p.m.7 views

CVE-2026-26117

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00439EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 6:18 p.m.5 views

CVE-2026-26117

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00439EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:5 p.m.3 views

CVE-2026-26117

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00439EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/03/10 2:0 p.m.5 views

Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00439EPSS
Exploits0
Snyk
Snyk
added 2026/03/10 1:12 a.m.3 views

Exposed Dangerous Method or Function

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

9.9CVSS6.1AI score0.01153EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/10 1:12 a.m.11 views

OneUptime has Synthetic Monitor RCE via exposed Playwright browser object

Summary OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is executed inside Node's vm while live host-realm Playwright browser and page...

9.9CVSS6.6AI score0.01153EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24327

Name of the Vulnerable Software and Affected Versions Azure Windows Virtual Machine Agent affected versions not specified Azure Arc on Windows affected versions not specified Description A security issue exists in Azure Windows Virtual Machine Agent and Azure Arc on Windows that allows an attacke...

7.8CVSS5.8AI score0.00439EPSS
Exploits0References18
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

OneUptime 安全漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is designed for monitoring and managing your online services. Versions of OneUptime prior to 10.0.18 contained security vulnerabilities. These vulnerabilities stemmed from the execution of untrusted user code within the...

9.9CVSS6.2AI score0.00387EPSS
Exploits1References2
Rows per page
Query Builder