Lucene search
K

364537 matches found

NVD
NVD
•added 2026/06/15 12:16 p.m.•14 views

CVE-2026-34024

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS0.00304EPSS
Exploits1References2
NVD
NVD
•added 2026/06/15 12:16 p.m.•14 views

CVE-2026-34021

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485...

8.6CVSS0.00196EPSS
Exploits0References3
NVD
NVD
•added 2026/06/15 12:16 p.m.•13 views

CVE-2026-12057

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution...

8.6CVSS0.00129EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 10:16 a.m.•22 views

CVE-2026-50100

Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially craft...

8.5CVSS0.00131EPSS
Exploits0References4
NVD
NVD
•added 2026/06/15 10:16 a.m.•13 views

CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS
Exploits0References3
NVD
NVD
•added 2026/06/15 10:16 a.m.•13 views

CVE-2026-11860

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS0.00235EPSS
Exploits0References2
NVD
NVD
•added 2026/06/15 8:16 a.m.•13 views

CVE-2026-8935

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

9.8CVSS0.00268EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 a.m.•16 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS0.00225EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 a.m.•13 views

CVE-2026-9278

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4CVSS0.00159EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 a.m.•16 views

CVE-2026-8385

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

5.3CVSS0.00192EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 6:16 a.m.•13 views

CVE-2026-12222

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 6:16 a.m.•12 views

CVE-2026-12220

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 6:16 a.m.•15 views

CVE-2026-12221

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 6:16 a.m.•13 views

CVE-2026-12223

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS0.01194EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 6:16 a.m.•14 views

CVE-2026-12219

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 6:16 a.m.•15 views

CVE-2026-12218

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 4:16 a.m.•34 views

CVE-2026-12216

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS0.00112EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 4:16 a.m.•12 views

CVE-2026-12217

A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...

8.5CVSS0.00111EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 4:16 a.m.•11 views

CVE-2026-12212

A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...

5.3CVSS0.00207EPSS
Exploits0References4
NVD
NVD
•added 2026/06/15 4:16 a.m.•10 views

CVE-2026-12214

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...

8.5CVSS0.00124EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 4:16 a.m.•13 views

CVE-2026-12213

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...

5.3CVSS0.00203EPSS
Exploits0References4
NVD
NVD
•added 2026/06/15 3:16 a.m.•16 views

CVE-2026-12209

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is...

6.9CVSS0.00314EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 3:16 a.m.•18 views

CVE-2026-12210

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

6.5CVSS0.00228EPSS
Exploits0References7
NVD
NVD
•added 2026/06/15 3:16 a.m.•12 views

CVE-2026-12211

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS0.00372EPSS
Exploits0References6
NVD
NVD
•added 2026/06/15 3:16 a.m.•17 views

CVE-2026-12208

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS0.00314EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 2:16 a.m.•12 views

CVE-2026-12206

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS0.00196EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 2:16 a.m.•15 views

CVE-2026-12203

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS0.00402EPSS
Exploits0References9
NVD
NVD
•added 2026/06/15 2:16 a.m.•12 views

CVE-2026-12207

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

5.3CVSS0.00226EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 2:16 a.m.•12 views

CVE-2026-12204

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS0.00292EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 2:16 a.m.•11 views

CVE-2026-12202

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.00214EPSS
Exploits0References6
NVD
NVD
•added 2026/06/15 1:16 a.m.•15 views

CVE-2026-12201

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

5.3CVSS0.00103EPSS
Exploits0References6
NVD
NVD
•added 2026/06/15 1:16 a.m.•14 views

CVE-2026-12200

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

7.5CVSS0.00324EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 12:16 a.m.•13 views

CVE-2026-12198

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS0.00525EPSS
Exploits0References7
NVD
NVD
•added 2026/06/15 12:16 a.m.•15 views

CVE-2026-12193

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

8.5CVSS0.00142EPSS
Exploits0References10
NVD
NVD
•added 2026/06/15 12:16 a.m.•14 views

CVE-2026-12192

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

8.8CVSS0.00316EPSS
Exploits0References4
NVD
NVD
•added 2026/06/15 12:16 a.m.•17 views

CVE-2026-12197

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

8.6CVSS0.02385EPSS
Exploits0References5
NVD
NVD
•added 2026/06/14 11:16 p.m.•15 views

CVE-2026-12191

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

8.5CVSS0.00137EPSS
Exploits0References4
NVD
NVD
•added 2026/06/14 11:16 p.m.•16 views

CVE-2026-12188

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/gritentitycontroller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The...

6.5CVSS0.00196EPSS
Exploits0References5
NVD
NVD
•added 2026/06/14 11:16 p.m.•10 views

CVE-2026-12189

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS0.00105EPSS
Exploits0References6
NVD
NVD
•added 2026/06/14 11:16 p.m.•11 views

CVE-2026-12190

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS0.00105EPSS
Exploits0References5
NVD
NVD
•added 2026/06/14 11:16 p.m.•14 views

CVE-2026-12187

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS0.0194EPSS
Exploits0References6
NVD
NVD
•added 2026/06/14 9:16 p.m.•12 views

CVE-2026-12186

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS0.01966EPSS
Exploits0References6
NVD
NVD
•added 2026/06/14 6:17 p.m.•13 views

CVE-2026-54413

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...

8.8CVSS0.00459EPSS
Exploits0References4
NVD
NVD
•added 2026/06/14 6:17 p.m.•16 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS0.00321EPSS
Exploits0References4
NVD
NVD
•added 2026/06/14 6:17 p.m.•15 views

CVE-2026-54412

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS0.00407EPSS
Exploits0References4
NVD
NVD
•added 2026/06/14 6:17 p.m.•14 views

CVE-2026-54410

nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recvmsgheader function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length fiel...

9CVSS0.00541EPSS
Exploits0References4
NVD
NVD
•added 2026/06/14 12:16 p.m.•13 views

CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS0.00618EPSS
Exploits0References4
NVD
NVD
•added 2026/06/14 12:16 p.m.•10 views

CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

9.8CVSS0.01353EPSS
Exploits0References4
NVD
NVD
•added 2026/06/14 8:16 a.m.•15 views

CVE-2025-15546

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.4CVSS0.00159EPSS
Exploits0References1
NVD
NVD
•added 2026/06/14 4:16 a.m.•17 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS0.00291EPSS
Exploits0References3
Total number of security vulnerabilities364537