Lucene search
K
CvelistRecent

366246 matches found

Cvelist
Cvelist
•added 2 hours ago•2 views

CVE-2026-13385

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-15029

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-15030

Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...

5.6CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•2 views

CVE-2026-13585

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-8920

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...

8.5CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS
Exploits0References1
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-11851

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS
Exploits0References1
Cvelist
Cvelist
•added 3 hours ago•7 views

CVE-2026-13230 Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS
Exploits0References5
Cvelist
Cvelist
•added 3 hours ago•6 views

CVE-2026-9770 Hardcoded Cryptographic Key Information Disclosure Vulnerability on TP-Link Kasa EC70 and EC71

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key. Successful exploitation may allow an unauthenticated attacker on the same...

8.6CVSS
Exploits0References5
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-15753 zhinianboke xianyu-auto-reply review approve trusting http permission methods on the server side

A vulnerability was determined in zhinianboke xianyu-auto-reply on Server. Affected by this vulnerability is an unknown functionality of the file /api/v1/payment/withdraw/review?action=approve. Executing a manipulation can lead to trusting http permission methods on the server side. The attack ma...

5.5CVSS
Exploits0References7
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-5269 Navigator NCS and MCP System Accounts with Default Passwords

In Ciena's Navigator Network Control Suite NCS and Manage Control Plan MCP, there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker...

Exploits0References1
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-5270 Authentication Bypass in Navigator and Blue Planet Products

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite NCS, Manage Control Plan MCP, and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate...

Exploits0References1
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-15752 zhinianboke xianyu-auto-reply Backend User Endpoint users authorization

A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...

7.5CVSS
Exploits0References7
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-15751 mastergo-design mastergo-magic-mcp mcp__getComponentGenerator component-workflow.md execute path traversal

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-54684 jadx: XAPK archive entries with absolute paths can plant drop-in plugins and achieve code execution on the next jadx run

jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a malicious .xapk file can cause jadx to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory because XApkLoader resolves each entry name directly with tmpDir.resolvefileName after a...

7CVSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-42447 jadx: HTML Injection in Summary panel

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived from .so file path components inside an APK into an HTML panel without escaping. A malicious APK wit...

3.6CVSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•7 views

CVE-2026-42049 jadx: RCE Via Groovy Code Injection in Gradle Export

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization when exporting a decompiled APK as an Android Gradle project. A malicious APK can break out of the...

8.4CVSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-59733 rclone `serve restic --private-repos` authorization bypass: `..` in the URL path lets an authenticated user read, overwrite and delete other users' repositories

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS
Exploits0References4
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS
Exploits0References4
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-21840 HCL BigFix Platform is affected by a user enumeration vulnerability

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service...

3.1CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•7 views

CVE-2026-59732 rclone archive extract allows S3 destination prefix escape via crafted archive paths

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS
Exploits0References4
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-50130 Pi-hole: Local privilege escalation from `pihole` user to root via `/etc/pihole/logrotate`

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-48295 CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-48290 CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)

CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...

8.2CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-48357 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue...

6.2CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-48296 CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not...

6.2CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-48287 CAI Content Credentials | Untrusted Search Path (CWE-426)

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...

7.4CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-48312 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-48351 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-48302 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

6.2CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-48354 CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not requir...

6.2CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-48298 CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not...

6.2CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-48352 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-48353 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user...

5.5CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-45363 `jwt` (Ruby gem) - empty-key HMAC bypass

ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token because OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key and no empty-key...

9.1CVSS0.00018EPSS
Exploits0References5
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-15750 mastergo-design mastergo-magic-mcp mcp__getComponentLink get-component-link.ts z.string server-side request forgery

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-48807 Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-48806 Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•15 views

CVE-2026-48808 Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...

6CVSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-48805 Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...

5.3CVSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-49981 Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-46637 Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...

5.1CVSS0.0006EPSS
Exploits0References4
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-46638 Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Twig is a template language for PHP. Prior to 3.26.0, % sandbox %% include % can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity, allowing the cached template to use tags, filters, and functions that should have been denied by...

6CVSS0.00066EPSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-46640 Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Twig is a template language for PHP. From 3.15.0 until 3.26.0, self. and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template source and...

8.7CVSS0.00056EPSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•7 views

CVE-2026-46629 Twig: Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

5.3CVSS0.00056EPSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-47730 Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName into HTML output without escaping, allowing attacker-controlled template or profile names to inject arbitrary HTML when a browser renders the profiler dum...

5.1CVSS0.00037EPSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-46628 Twig: The `spaceless` filter implicitly marks its output as safe

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.1CVSS0.00056EPSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•7 views

CVE-2026-46634 Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

Twig is a template language for PHP. From 3.9.0 until 3.26.0, templatefromstring compiles an inner template under a synthesized stringtemplate name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call templatefromstring and include to render ...

7.7CVSS0.00031EPSS
Exploits0References3
Cvelist
Cvelist
•added yesterday•8 views

CVE-2026-48336 Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-48335 Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS
Exploits0References1
Total number of security vulnerabilities366246