| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42740 | Cri | 0.60 | 9.3 | 0.00 | May 27, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through <= 1.0.3. | ||
| CVE-2026-42731 | Cri | 0.64 | 9.8 | 0.00 | May 27, 2026 | Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9. | ||
| CVE-2026-42727 | Cri | 0.60 | 9.3 | 0.00 | May 27, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce:… | ||
| CVE-2026-8054 | Cri | 0.58 | — | 0.02 | May 27, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read,… | ||
| CVE-2026-49002 | — | Cri | 0.59 | 9.1 | 0.00 | May 27, 2026 | Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information. | |
| CVE-2025-12686 | Cri | 0.64 | 9.8 | 0.03 | May 27, 2026 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2026-8760 | Cri | 0.57 | 9.8 | 0.01 | May 27, 2026 | The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to `otpl_login_action()` was placed only inside the OTP-generation… | ||
| CVE-2026-8450 | Cri | 0.52 | 9.1 | 0.01 | May 27, 2026 | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path… | ||
| CVE-2026-44632 | cri | 0.59 | — | 0.00 | May 27, 2026 | ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`). The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure… | ||
| CVE-2026-44985 | Cri | 0.55 | 9.6 | 0.00 | May 26, 2026 | Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using… | ||
| CVE-2026-44895 | Cri | 0.53 | — | 0.00 | May 26, 2026 | GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: * on every response. The structural defect is that the SSE server stands up a… | ||
| CVE-2026-44451 | Cri | 0.60 | 9.3 | 0.00 | May 26, 2026 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator… | ||
| CVE-2026-44450 | Cri | 0.64 | 9.9 | 0.00 | May 26, 2026 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an… | ||
| CVE-2026-44449 | Cri | 0.59 | 9.1 | 0.00 | May 26, 2026 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script… | ||
| CVE-2026-44444 | Cri | 0.59 | 9.1 | 0.00 | May 26, 2026 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan (assertSafeBackendBundle). A malicious extension that ships a package.json… | ||
| CVE-2026-48689 | Cri | 0.64 | 9.8 | 0.01 | May 26, 2026 | FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr,… | ||
| CVE-2026-3660 | Cri | 0.64 | 9.8 | 0.01 | May 26, 2026 | IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application. | ||
| CVE-2026-9170 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation. | ||
| CVE-2026-8633 | Cri | 0.64 | 9.8 | 0.01 | May 26, 2026 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request. | ||
| CVE-2026-7251 | Cri | 0.64 | 9.8 | 0.01 | May 26, 2026 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the… | ||
| CVE-2026-47202 | Cri | 0.60 | — | 0.00 | May 26, 2026 | Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2. | ||
| CVE-2026-46624 | Cri | 0.57 | 9.9 | 0.00 | May 26, 2026 | Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute… | ||
| CVE-2026-44668 | Cri | 0.57 | 9.8 | 0.00 | May 26, 2026 | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke() without checking for a valid session. Four action methods in… | ||
| CVE-2026-48904 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | An improper access check allows privelege escalation through the com_users group editing webservice endpoint. | ||
| CVE-2026-48902 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | ||
| CVE-2026-48899 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | An improper access check allows privilege escalation through the com_users batch task. | ||
| CVE-2026-48898 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | An improper access check allows privilege escalation through the com_users batch task. | ||
| CVE-2026-48691 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) +… | ||
| CVE-2026-45721 | Cri | 0.52 | 9.0 | 0.00 | May 26, 2026 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named… | ||
| CVE-2026-40383 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | An improper validation of user-supplied input leads to a local file inclusion vulnerability. | ||
| CVE-2026-35223 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | An improper access check allows unauthorized access to com_config webservice endpoints. | ||
| CVE-2026-35222 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | ||
| CVE-2026-35221 | Cri | 0.64 | 9.8 | 0.00 | May 26, 2026 | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | ||
| CVE-2026-2264 | Cri | 0.60 | — | 0.00 | May 26, 2026 | A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure… | ||
| CVE-2026-48687 | Cri | 0.64 | 9.8 | 0.02 | May 26, 2026 | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs shell commands by concatenating the $msg parameter… | ||
| CVE-2026-48686 | Cri | 0.64 | 9.8 | 0.01 | May 26, 2026 | FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads prefix_bit_length directly from the BGP packet… | ||
| CVE-2026-4480 | Cri | 0.52 | 9.0 | 0.13 | May 26, 2026 | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this… | ||
| CVE-2026-45247 | Cri | 0.76 | 9.8 | 0.28 | KEV | May 26, 2026 | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit… | |
| CVE-2026-9543 | Cri | 0.64 | 9.8 | 0.02 | May 26, 2026 | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be… | ||
| CVE-2026-7374 | Cri | 0.64 | 9.9 | 0.01 | May 26, 2026 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket… | ||
| CVE-2026-42496 | Cri | 0.52 | 9.1 | 0.00 | May 26, 2026 | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode… | ||
| CVE-2026-8376 | Cri | 0.57 | 9.8 | 0.00 | May 26, 2026 | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified… | ||
| CVE-2026-42774 | Cri | 0.60 | 9.3 | 0.00 | May 25, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1. | ||
| CVE-2026-42773 | Cri | 0.60 | 9.3 | 0.00 | May 25, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2. | ||
| CVE-2026-9478 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The… | ||
| CVE-2026-9477 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command… | ||
| CVE-2026-9476 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The… | ||
| CVE-2026-9475 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation… | ||
| CVE-2026-9458 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack… | ||
| CVE-2026-9457 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The… |
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through <= 1.0.3.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce:…
- risk 0.58cvss —epss 0.02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read,…
- risk 0.59cvss 9.1epss 0.00
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.
- risk 0.64cvss 9.8epss 0.03
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.57cvss 9.8epss 0.01
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to `otpl_login_action()` was placed only inside the OTP-generation…
- risk 0.52cvss 9.1epss 0.01
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path…
- risk 0.59cvss —epss 0.00
### Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`). The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure…
- risk 0.55cvss 9.6epss 0.00
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using…
- risk 0.53cvss —epss 0.00
GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: * on every response. The structural defect is that the SSE server stands up a…
- risk 0.60cvss 9.3epss 0.00
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals (fetch, window, eval, etc.) with undefined. A static source validator…
- risk 0.64cvss 9.9epss 0.00
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an…
- risk 0.59cvss 9.1epss 0.00
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script…
- risk 0.59cvss 9.1epss 0.00
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan (assertSafeBackendBundle). A malicious extension that ships a package.json…
- risk 0.64cvss 9.8epss 0.01
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr,…
- risk 0.64cvss 9.8epss 0.01
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.
- risk 0.64cvss 9.8epss 0.00
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation.
- risk 0.64cvss 9.8epss 0.01
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.
- risk 0.64cvss 9.8epss 0.01
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the…
- risk 0.60cvss —epss 0.00
Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2.
- risk 0.57cvss 9.9epss 0.00
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute…
- risk 0.57cvss 9.8epss 0.00
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke() without checking for a valid session. Four action methods in…
- risk 0.64cvss 9.8epss 0.00
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
- risk 0.64cvss 9.8epss 0.00
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
- risk 0.64cvss 9.8epss 0.00
An improper access check allows privilege escalation through the com_users batch task.
- risk 0.64cvss 9.8epss 0.00
An improper access check allows privilege escalation through the com_users batch task.
- risk 0.64cvss 9.8epss 0.00
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) +…
- risk 0.52cvss 9.0epss 0.00
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named…
- risk 0.64cvss 9.8epss 0.00
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
- risk 0.64cvss 9.8epss 0.00
An improper access check allows unauthorized access to com_config webservice endpoints.
- risk 0.64cvss 9.8epss 0.00
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
- risk 0.64cvss 9.8epss 0.00
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
- risk 0.60cvss —epss 0.00
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure…
- risk 0.64cvss 9.8epss 0.02
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs shell commands by concatenating the $msg parameter…
- risk 0.64cvss 9.8epss 0.01
FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads prefix_bit_length directly from the BGP packet…
- risk 0.52cvss 9.0epss 0.13
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this…
- risk 0.76cvss 9.8epss 0.28
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit…
- risk 0.64cvss 9.8epss 0.02
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be…
- risk 0.64cvss 9.9epss 0.01
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket…
- risk 0.52cvss 9.1epss 0.00
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode…
- risk 0.57cvss 9.8epss 0.00
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified…
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store Manager: from n/a through 1.3.2.
- risk 0.64cvss 9.8epss 0.02
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The…
- risk 0.64cvss 9.8epss 0.02
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The…