Lucene search
K

1426 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/25 2:23 a.m.12 views

CVE-2026-8652

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network...

8.5CVSS6AI score0.00722EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/25 2:23 a.m.37 views

CVE-2026-8652

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network...

8.5CVSS0.00722EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-42994

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network...

8.5CVSS6AI score0.00722EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

NEC Aterm 安全漏洞

NEC Aterm is a series of wireless routers from Nippon Electric NEC. A security vulnerability exists in NEC Aterm that stems from an OS command injection issue, which could allow execution of arbitrary OS commands over an adjacent network if a malicious third party gains administrator access to th...

8.5CVSS6AI score0.00722EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/21 11:21 p.m.13 views

[SECURITY] Fedora 44 Update: cockpit-362-1.fc44

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

8CVSS7AI score0.01016EPSS
Exploits0
NCSC
NCSC
added 2026/05/15 8:43 a.m.19 views

Vulnerabilities managed in Ivanti Endpoint Manager

Ivanti has addressed several vulnerabilities in Ivanti Endpoint Manager, specifically in the core server, the agent, and the web console components. These vulnerabilities concern various aspects of Ivanti Endpoint Manager. First, a remotely authenticated attacker can exploit a vulnerable method t...

8.8CVSS6.3AI score0.00883EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.11 views

EUVD-2026-29491

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 p.m.15 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS0.00883EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 2:33 p.m.9 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 2:33 p.m.27 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS0.00883EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 2:33 p.m.10 views

CVE-2026-8111

CVE-2026-8111 describes an SQL injection in the web console of Ivanti Endpoint Manager prior to 2024 SU6. The vulnerability allows a remote authenticated attacker to achieve remote code execution via the web console, as indicated by the description and CVSS metrics (High, 8.8). Affected product: ...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:33 p.m.11 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40044

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU6 Description SQL injection in the web console allows a remote authenticated attacker to achieve remote code execution. SQL injection is a type of flaw where an attacker can interfere with the...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Ivanti Endpoint Manager(EPM) SQL注入漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained a SQL injection vulnerability. This vulnerability stemmed from SQL injections in the web console, and could allow remote...

8.8CVSS6AI score0.00883EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift-web-console (RHSA-2019:2552)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2552 advisory. - xterm.js: Mishandling of special characters allows for remote code execution CVE-2019-0542 Note that Nessus has not tested for this issue b...

8.8CVSS6.5AI score0.03178EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.13 views

RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2019:1851)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1851 advisory. - web-console: XSS in OAuth server /oauth/token/request endpoint CVE-2019-3876 - jenkins-plugin-token-macro: XML External Entity...

7.5CVSS5.8AI score0.10606EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift-web-console (RHSA-2019:2551)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2551 advisory. - xterm.js: Mishandling of special characters allows for remote code execution CVE-2019-0542 Note that Nessus has not tested for this issue b...

8.8CVSS6.5AI score0.03178EPSS
Exploits0References5
Veracode
Veracode
added 2026/05/04 8:5 p.m.15 views

Cross-site Scripting (XSS)

org.apache.activemq, activemq-web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML content in the web console, which allows an attacker to inject and execute malicious HTML/JavaScript by manipulating content type and JMS selecto...

6.5CVSS5.9AI score0.0056EPSS
Exploits0References3Affected Software4
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift-web-console (RHSA-2019:1422)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1422 advisory. - xterm.js: Mishandling of special characters allows for remote code execution CVE-2019-0542 Note that Nessus has not tested for this issue b...

8.8CVSS7.7AI score0.03178EPSS
Exploits0References5
OSV
OSV
added 2026/04/28 8:37 a.m.4 views

BIT-ACTIVEMQ-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

6.5CVSS5.3AI score0.0056EPSS
Exploits0References3
Rows per page
Query Builder