Lucene search
K

1357 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50711

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.641 Description The Webmin HTTP server miniserv.pl improperly trusts a client-supplied HTTP header for SSL client certificate identity. This allows unauthenticated remote attackers to spoof certificate distinguished...

9.2CVSS6AI score0.00285EPSS
Exploits0References10
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.172 views

Webmin <= 1.920 - Unauthenticated Remote Command Execution

Webmin =1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in passwordchange.cgi. id: CVE-2019-15107 info: name: Webmin = 1.920 - Unauthenticated Remote Command Execution author: bp0lr severity: critical description: Webmin =1.920. is vulnerable to an...

10CVSS8.9AI score0.99766EPSS
Exploits37References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.125 views

Webmin <1.990 - Improper Access Control

Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without enterin...

9CVSS8.2AI score0.96977EPSS
Exploits13References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS5.4AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 3:16 p.m.14 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 3:16 p.m.12 views

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 2:37 p.m.13 views

EUVD-2026-32532

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 2:37 p.m.40 views

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS0.00303EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:37 p.m.8 views

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 2:37 p.m.10 views

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 2:37 p.m.24 views

CVE-2026-49103

CVE-2026-49103 affects Webmin prior to 2.640. The issue occurs in the mailboxes/detachall.cgi path where a filename is not safely constructed when saving an attachment, enabling a high-severity impact as indicated by the CVSS: 9.4 (CRITICAL) with CONFIDENTIALITY/INTEGRITY/AVAILABILITY impact. Det...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 2:31 p.m.44 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 2:31 p.m.13 views

EUVD-2026-32528

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 2:31 p.m.8 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:31 p.m.13 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 2:31 p.m.24 views

CVE-2026-49102

Webmin versions prior to 2.640 are affected by CVE-2026-49102. The issue is an XSS in the mailboxes/detach.cgi component triggered by viewing an SVG document attachment, caused by using image/svg+xml instead of a safe type (e.g., text/plain). Impact is potential cross-site scripting within the ma...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.33 views

Webmin 安全漏洞

Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.640 contained a security vulnerability, which stemmed from the insecure construction of the attachment save file name in the mailboxes/detachall.c...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

Webmin 跨站脚本漏洞

Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.640 contained a cross-site scripting vulnerability. This vulnerability occurred when viewing SVG document attachments in the mailboxes component,...

6.1CVSS5.6AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-44031

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References3
Rows per page
Query Builder