Lucene search
K

5317 matches found

Nuclei
Nuclei
added 15 hours ago17 views

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

8CVSS6.6AI score0.76148EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago160 views

Caddy 2.4.6 - Open Redirect

Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-28923 info: name: Caddy 2.4.6 - Open Redirect author: Sascha...

6.1CVSS6.6AI score0.01431EPSS
Exploits1References5
Cvelist
Cvelist
added yesterday30 views

CVE-2026-22096 Missing authentication for webserver endpoints

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-22096

CVE-2026-22096 concerns a webserver running on port 8090 that does not require authentication, enabling sensitive information leakage (e.g., configured passwords) and file uploads via multiple endpoints. The Connected documents provide the same description across NVD and CVE records, with no vend...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57672

Name of the Vulnerable Software and Affected Versions EVbee DC-80 affected versions not specified Description The built-in web server running on port 8090 lacks authentication. This flaw allows unauthorized access to sensitive information, including configured passwords and stored credentials, an...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 7:16 p.m.7 views

CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS0.00271EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/06 6:0 p.m.33 views

CVE-2026-13753 CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

0.00271EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:0 p.m.6 views

CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS6AI score0.00271EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/06 6:0 p.m.5 views

EUVD-2026-41895

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS6AI score0.00271EPSS
Exploits1References1
CVE
CVE
added 2026/07/06 6:0 p.m.49 views

CVE-2026-13753

HP Deskjet 2800 Series printers (firmware

7.5CVSS6AI score0.00271EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55961

Name of the Vulnerable Software and Affected Versions HP Deskjet 2800 Series Printers versions prior to TBP1CN2612AR Description A missing authorization flaw exists in the embedded webserver. An unauthenticated attacker with network access can bypass administrative controls by sending GET request...

7.5CVSS6AI score0.00271EPSS
Exploits1References9
CERT
CERT
added 2026/07/06 12:0 a.m.5 views

HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability

Overview HP Printers in the Deskjet 2800 Series running firmware version =TBP1CN2612AR contain a missing authorization vulnerability tracked as CVE-2026-13753. This vulnerability allows unauthenticated access to the printer's webserver API endpoints, exposing Wi-Fi credentials, management...

7.5CVSS6.2AI score0.00271EPSS
Exploits1
CVE
CVE
added 2026/07/04 12:5 p.m.20 views

CVE-2026-12196

The CVE-2026-12196 entry describes a broken access control vulnerability in the HestiaCP panel cronjob feature. Low-privilege users can modify the panel cronjob to execute management scripts with passwordless sudo, enabling takeover of administrator users in the application and the underlying web...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 12:5 p.m.11 views

EUVD-2026-41671

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.10 views

PT-2026-55695

Name of the Vulnerable Software and Affected Versions HestiaCP affected versions not specified Description The panel cronjob feature contains a broken access control flaw. This allows users with low privileges to modify the panel cronjob to execute HestiaCP management scripts using passwordless...

8.3CVSS6AI score0.00256EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/01 3:34 p.m.5 views

Improper Input Validation

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Improper Input Validation via improper validation of session parameters in the payment integration plugins and the use of shared cryptographic keys and salts across unrelated...

9.9CVSS6AI score0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 7:32 p.m.6 views

CVE-2026-10852

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 7:32 p.m.41 views

CVE-2026-10852

CVE-2026-10852 affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty via the WebSphere WebServer Plug-in. The IBM and NVD entries describe a denial-of-service vulnerability triggered by crafted requests to the web server. Affected versions include IBM WebSphere App...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 7:32 p.m.4 views

CVE-2026-10852 Websphere Application Server is Affected By a Denial of Service

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

5.9CVSS5.9AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 7:32 p.m.37 views

CVE-2026-10852 Websphere Application Server is Affected By a Denial of Service

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

5.9CVSS0.00271EPSS
Exploits0References1
Rows per page
Query Builder