Lucene search

2429 matches found

NVD
added yesterday, 5 views

CVE-2026-54406

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...

8.7 CVSS
Exploits 0, References 1
ATTACKERKB
added yesterday, 4 views

CVE-2026-54406

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...

8.7 CVSS, 5.8 AI score
Exploits 0, References 2
Cvelist
added yesterday, 23 views

CVE-2026-54406

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device...

8.7 CVSS
Exploits 0, References 1
CVE
added yesterday, 9 views

CVE-2026-58652

The issue affects luci-app-travelmate and the travelmate package. A LuCI/rpcd session with the luci-app-travelmate write ACL gains config-wide UCI write access to the travelmate configuration, and the backend travelmate service (running as root) reads raw UCI values for script and script_args and...

7.7 CVSS, 6.1 AI score
Exploits 0, References 7
NVD
added 2 days ago, 4 views

CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5 CVSS, 0.00098 EPSS
Exploits 0, References 1
Positive Technologies
added 2 days ago, 4 views

PT-2026-54642

Name of the Vulnerable Software and Affected Versions: AWS Advanced JDBC Wrapper versions 3.3.0 through 4.0.0. Description: Deserialization of untrusted data in the RemoteQueryCachePlugin allows an actor with write access to the shared cache infrastructure to execute arbitrary code on application...

7.7 CVSS, 6.3 AI score, 0.00407 EPSS
Exploits 0, References 7
CVE
added 3 days ago, 9 views

CVE-2026-56377

ImageMagick vulnerable to a policy bypass due to an incorrect path check in sandboxed conversion services. Affects ImageMagick before 7.1.2-24, where a crafted request could allow remote or local attackers to create or truncate files outside allowed boundaries by bypassing path policy restrictio...

4.8 CVSS, 5.9 AI score, 0.00175 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 3 days ago, 8 views

CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to...

6.5 CVSS, 0.00333 EPSS
Exploits 0, References 1
EUVD
added 3 days ago, 4 views

EUVD-2026-40360

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

8.1 CVSS, 5.9 AI score, 0.00766 EPSS
Exploits 0, References 6
CVE
added 3 days ago, 11 views

CVE-2026-12819

CVE-2026-12819 affects the Delta Electronics DVP12SE PLC. The issue is exposure of a Modbus TCP service on a specified port without authentication or access control, allowing unauthenticated interaction with security-sensitive PLC functions. The CVSS metrics indicate high impact on confidentialit...

9.3 CVSS, 5.8 AI score, 0.0031 EPSS
Exploits 0, References 1
EUVD
added last week, 9 views

EUVD-2026-37951

mcp-pinot: Unauthenticated tool invocation via default oauthenabled=False + host 0.0.0.0 bind...

10 CVSS, 5.8 AI score, 0.00498 EPSS
Exploits 0, References 5
ATTACKERKB
added last week, 5 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED[:css] for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added last week, 24 views

CVE-2026-44696 OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED[:css] for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7 CVSS, 0.00211 EPSS
Exploits 0, References 1
NVD
added last week, 8 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2 CVSS, 0.00278 EPSS
Exploits 0, References 1
CVE
added last week, 10 views

CVE-2026-13372

The CVE-2026-13372 vulnerability affects Devolutions Remote Desktop Manager 2026.2.5–2026.2.11, where incorrect link resolution by display name in the custom PowerShell VPN editor can enable an authenticated user with write access to a shared workspace to execute a PowerShell script in another us...

7.2 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits 0, References 1, Affected Software 1
ATTACKERKB
added last week, 6 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added last week, 34 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

0.00278 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/06/26 12:00 a.m., 9 views

PT-2026-52899

Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 17.4.0. Description: The rich text rendering pipeline uses an overly permissive configuration for inline style sanitization. This allows authenticated users with write access to formattable text fields, such as work...

5.7 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 0, References 3
EUVD
added 2026/06/25 6:34 p.m., 15 views

EUVD-2026-31483

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads...

7.5 CVSS, 5.8 AI score, 0.0038 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/06/25 12:00 a.m., 9 views

PT-2026-52608

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.0. Description: A supply chain incident occurred where incorrect version tags were pushed to the official repository. These tags pointed to an unreviewed personal fork of a contributor who had write access...

7.7 CVSS, 5.8 AI score, 0.0012 EPSS
Exploits 0, References 5