Lucene search
K

887 matches found

GithubExploit
GithubExploit
added 2026/03/10 12:2 p.m.152 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

Research: TeamCity Authentication Bypass CVE-2024-27198 Simu...

9.8CVSS5.8AI score0.99938EPSS
Exploits24
EUVD
EUVD
added 2026/03/09 9:31 p.m.7 views

EUVD-2026-10351

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.7 views

MBS多款产品 安全漏洞

MBS UBR-01 Mk II, etc., are products of the German MBS company. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...

6.5CVSS6AI score0.00334EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 3:16 p.m.6 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS0.00505EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 3:5 p.m.4 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.6 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

7.5CVSS6AI score0.00411EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 7:16 p.m.8 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

7.5CVSS0.00411EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

RustDesk 安全漏洞

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.4.5 and earlier contain security vulnerabilities. These vulnerabilities stem from...

9.1CVSS5.8AI score0.00265EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

Tata Consultancy Services Cognix Recon Client 安全漏洞

Tata Consultancy Services Cognix Recon Client is a financial reconciliation software developed by Tata Consultancy Services in India. Version 3.0 of Tata Consultancy Services Cognix Recon Client contains a security vulnerability. This vulnerability stems from the lack of authentication and...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 12:0 a.m.13 views

CVE-2026-26418

The CVE-2026-26418 entry affects Tata Consultancy Services Cognix Recon Client v3.0. The vulnerability is a missing authentication and authorization flaw in the web API, enabling remote attackers to access application functionality over the network without restriction. According to the provided m...

7.5CVSS6AI score0.00411EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/04 6:16 p.m.7 views

CVE-2026-20001

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

6.5CVSS0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

WordPress plugin PostX 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS6AI score0.00313EPSS
Exploits0References6
NVD
NVD
added 2026/03/03 6:16 p.m.13 views

CVE-2025-67840

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...

7.2CVSS0.03686EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/03/03 12:0 a.m.25 views

CVE-2025-67840

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...

7.2CVSS0.03686EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/03/03 12:0 a.m.3 views

CVE-2025-67840

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...

7.2CVSS6.8AI score0.03686EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.5 views

CVE-2025-67840

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...

7.2CVSS6.8AI score0.03686EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2026/02/27 12:0 a.m.213 views

📄 WordPress Slider‑Future 1.0.5 Arbitrary File Upload

This is a Metasploit module that demonstrates an unauthenticated file upload vulnerability in WordPress Slider‑Future plugin version 1.0.5. ============================================================================================================================================= | Title :...

9.8CVSS5.9AI score0.03177EPSS
Exploits2
EUVD
EUVD
added 2026/02/25 6:31 p.m.6 views

EUVD-2026-8674

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...

8.8CVSS5.6AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-22052

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...

6.3CVSS6.7AI score0.00388EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2026/02/25 12:0 a.m.6 views

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP po...

6.3CVSS5.6AI score0.00388EPSS
Exploits0References1
Rows per page
Query Builder