Lucene search
K

1426 matches found

Github Security Blog
Github Security Blog
added 2026/04/07 9:31 a.m.9 views

Apache ActiveMQ: Improper validation and restriction of a classpath path name

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References4Affected Software4
CVE
CVE
added 2026/04/07 7:50 a.m.38 views

CVE-2026-33227

CVE-2026-33227 affects Apache ActiveMQ family (Client, Broker, All, Web) via an improper validation and restriction of classpath path name. In two contexts (creating a Stomp consumer and browsing Web console messages), an authenticated user could craft a key to traverse the classpath due to path ...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References2Affected Software3
Debian CVE
Debian CVE
added 2026/04/07 7:50 a.m.2 views

CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.3AI score0.00419EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/07 7:50 a.m.1 views

CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

5.7AI score0.00419EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/07 12:0 a.m.5 views

CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.7AI score0.00419EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache Active...

4.3CVSS5.9AI score0.00419EPSS
Exploits0References4
CVE
CVE
added 2026/04/06 9:19 p.m.21 views

CVE-2026-22675

OCS Inventory NG Server (versions up to 2.12.3) is affected by a stored XSS in the User-Agent header submitted to the /ocsinventory endpoint. The issue stems from improper sanitization/encoding when rendering user-supplied User-Agent values in the statistics dashboard, enabling arbitrary JavaScri...

6.1CVSS5.7AI score0.00218EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 9:19 p.m.2 views

CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS6AI score0.00218EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/18 12:0 a.m.4 views

ruby4.0-rubygem-web-console-4.2.1-1.9 on GA media (moderate)

ruby4.0-rubygem-web-console-4.2.1-1.9 on GA media Announcement ID: openSUSE-SU-2026:10367-1 Rating: moderate Cross-References: CVE-2015-3224 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

4.3CVSS5.8AI score0.44984EPSS
Exploits6
NVD
NVD
added 2026/03/13 7:53 p.m.11 views

CVE-2025-12453

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0...

6.1CVSS0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 12:0 a.m.9 views

OPENSUSE-SU-2026:10367-1 ruby4.0-rubygem-web-console-4.2.1-1.9 on GA media

These are all security issues fixed in the ruby4.0-rubygem-web-console-4.2.1-1.9 package on the GA media of openSUSE Tumbleweed...

4.3CVSS5.8AI score0.44984EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2026/03/06 2:37 p.m.6 views

CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

8.7CVSS5.8AI score0.00226EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 2:14 p.m.10 views

CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

8.7CVSS5.9AI score0.00226EPSS
Exploits1References4
CVE
CVE
added 2026/02/11 2:16 p.m.34 views

CVE-2026-2249

METIS DFS devices expose an unauthenticated web-based shell at /console, allowing remote command execution with daemon privileges on affected versions (

9.8CVSS6.1AI score0.00514EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/11 2:16 p.m.4 views

CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/11 2:16 p.m.5 views

CVE-2026-2249 Unauthenticated Remote Command Execution via Web Console in METIS DFS

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/11 2:16 p.m.30 views

CVE-2026-2249 Unauthenticated Remote Command Execution via Web Console in METIS DFS

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS0.00514EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/11 2:15 p.m.4 views

CVE-2026-2248 Unauthenticated Remote Root Shell Access via Web Console in METIS WIC

METIS WIC devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root UID 0 privileges. This results in full system compromis...

9.8CVSS6.1AI score0.00514EPSS
Exploits0References1
CVE
CVE
added 2026/02/11 2:15 p.m.13 views

CVE-2026-2248

CVE-2026-2248 affects METIS WIC devices (versions

9.8CVSS6.1AI score0.00514EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/11 2:15 p.m.27 views

CVE-2026-2248 Unauthenticated Remote Root Shell Access via Web Console in METIS WIC

METIS WIC devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root UID 0 privileges. This results in full system compromis...

9.8CVSS0.00514EPSS
Exploits0References2
Rows per page
Query Builder