Fri, May 22 · 02:16 AM CDTCVE-2026-34908
10.0/10 · Must read/watchNVDvuln
Summary
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
CVECVE-2026-34908
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 02:16 AM CDT
ModifiedWed, Jun 24 · 05:17 AM CDT
Fri, May 22 · 02:16 AM CDTCVE-2026-34909
10.0/10 · Must read/watchNVDvuln
Summary
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
CVECVE-2026-34909
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 02:16 AM CDT
ModifiedWed, Jun 24 · 05:17 AM CDT
Fri, May 22 · 02:16 AM CDTCVE-2026-34910
10.0/10 · Must read/watchNVDvuln
Summary
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVECVE-2026-34910
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 02:16 AM CDT
ModifiedWed, Jun 24 · 05:17 AM CDT
Sat, Sep 03 · 08:59 PM CDTCVE-2015-5719
9.8/10 · Must read/watchNVDvuln
Summary
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
CVECVE-2015-5719
SeverityCRITICAL
TypeUPDATED
PublishedSat, Sep 03 · 08:59 PM CDT
ModifiedTue, Jun 23 · 01:42 PM CDT
Sat, Sep 03 · 08:59 PM CDTCVE-2015-5721
9.8/10 · Must read/watchNVDvuln
Summary
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
CVECVE-2015-5721
SeverityCRITICAL
TypeUPDATED
PublishedSat, Sep 03 · 08:59 PM CDT
ModifiedTue, Jun 23 · 01:42 PM CDT
Sat, Nov 11 · 01:15 AM CSTCVE-2023-46850
9.8/10 · Must read/watchNVDvuln
Summary
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
CVECVE-2023-46850
SeverityCRITICAL
TypeUPDATED
PublishedSat, Nov 11 · 01:15 AM CST
ModifiedTue, Jun 23 · 10:16 PM CDT
Fri, Nov 17 · 05:15 AM CSTCVE-2023-48655
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
CVECVE-2023-48655
SeverityCRITICAL
TypeUPDATED
PublishedFri, Nov 17 · 05:15 AM CST
ModifiedTue, Jun 23 · 01:42 PM CDT
Fri, Nov 17 · 05:15 AM CSTCVE-2023-48656
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
CVECVE-2023-48656
SeverityCRITICAL
TypeUPDATED
PublishedFri, Nov 17 · 05:15 AM CST
ModifiedTue, Jun 23 · 01:42 PM CDT
Fri, Nov 17 · 05:15 AM CSTCVE-2023-48657
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
CVECVE-2023-48657
SeverityCRITICAL
TypeUPDATED
PublishedFri, Nov 17 · 05:15 AM CST
ModifiedTue, Jun 23 · 01:42 PM CDT
Fri, Nov 17 · 05:15 AM CSTCVE-2023-48658
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
CVECVE-2023-48658
SeverityCRITICAL
TypeUPDATED
PublishedFri, Nov 17 · 05:15 AM CST
ModifiedTue, Jun 23 · 01:42 PM CDT
Fri, Nov 17 · 05:15 AM CSTCVE-2023-48659
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
CVECVE-2023-48659
SeverityCRITICAL
TypeUPDATED
PublishedFri, Nov 17 · 05:15 AM CST
ModifiedTue, Jun 23 · 01:42 PM CDT
Wed, Mar 11 · 05:16 PM CDTCVE-2025-67035
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts.
CVECVE-2025-67035
SeverityCRITICAL
TypeUPDATED
PublishedWed, Mar 11 · 05:16 PM CDT
ModifiedTue, Jun 23 · 07:09 PM CDT
Wed, Mar 11 · 05:16 PM CDTCVE-2025-67038
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected
CVECVE-2025-67038
SeverityCRITICAL
TypeUPDATED
PublishedWed, Mar 11 · 05:16 PM CDT
ModifiedWed, Jun 24 · 05:17 AM CDT
Wed, Mar 11 · 05:16 PM CDTCVE-2025-67041
9.8/10 · Must read/watchNVDvuln
Summary
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.
CVECVE-2025-67041
SeverityCRITICAL
TypeUPDATED
PublishedWed, Mar 11 · 05:16 PM CDT
ModifiedTue, Jun 23 · 07:09 PM CDT
Wed, Mar 11 · 05:16 PM CDTCVE-2025-70082
9.8/10 · Must read/watchNVDvuln
Summary
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component
CVECVE-2025-70082
SeverityCRITICAL
TypeUPDATED
PublishedWed, Mar 11 · 05:16 PM CDT
ModifiedTue, Jun 23 · 07:09 PM CDT
Wed, Aug 10 · 08:15 PM CDTCVE-2021-33643
9.1/10 · Must read/watchNVDvuln
Summary
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
CVECVE-2021-33643
SeverityCRITICAL
TypeUPDATED
PublishedWed, Aug 10 · 08:15 PM CDT
ModifiedTue, Jun 23 · 04:16 PM CDT
Wed, Aug 10 · 08:15 PM CDTCVE-2022-35293
9.1/10 · Must read/watchNVDvuln
Summary
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.
CVECVE-2022-35293
SeverityCRITICAL
TypeUPDATED
PublishedWed, Aug 10 · 08:15 PM CDT
ModifiedTue, Jun 23 · 04:16 PM CDT
Wed, Oct 25 · 09:15 PM CDTCVE-2023-46233
9.1/10 · Must read/watchNVDvuln
Summary
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since
CVECVE-2023-46233
SeverityCRITICAL
TypeUPDATED
PublishedWed, Oct 25 · 09:15 PM CDT
ModifiedTue, Jun 23 · 06:17 PM CDT
Wed, Mar 11 · 05:16 PM CDTCVE-2025-67039
9.1/10 · Must read/watchNVDvuln
Summary
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.
CVECVE-2025-67039
SeverityCRITICAL
TypeUPDATED
PublishedWed, Mar 11 · 05:16 PM CDT
ModifiedTue, Jun 23 · 07:09 PM CDT
Wed, Dec 27 · 11:15 PM CSTCVE-2023-6879
9.0/10 · Must read/watchNVDvuln
Summary
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
CVECVE-2023-6879
SeverityCRITICAL
TypeUPDATED
PublishedWed, Dec 27 · 11:15 PM CST
ModifiedTue, Jun 23 · 06:17 PM CDT
Fri, May 13 · 10:55 PM CDTCVE-2011-0627
8.8/10 · Worth your timeNVDvuln
Summary
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with
CVECVE-2011-0627
SeverityHIGH
TypeUPDATED
PublishedFri, May 13 · 10:55 PM CDT
ModifiedTue, Jun 23 · 04:16 PM CDT
Mon, Aug 08 · 02:15 PM CDTCVE-2022-2356
8.8/10 · Worth your timeNVDvuln
Summary
The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.
CVECVE-2022-2356
SeverityHIGH
TypeUPDATED
PublishedMon, Aug 08 · 02:15 PM CDT
ModifiedTue, Jun 23 · 04:16 PM CDT
Wed, Mar 11 · 05:16 PM CDTCVE-2025-67034
8.8/10 · Worth your timeNVDvuln
Summary
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
CVECVE-2025-67034
SeverityHIGH
TypeUPDATED
PublishedWed, Mar 11 · 05:16 PM CDT
ModifiedTue, Jun 23 · 07:09 PM CDT
Wed, Mar 11 · 05:16 PM CDTCVE-2025-67036
8.8/10 · Worth your timeNVDvuln
Summary
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.
CVECVE-2025-67036
SeverityHIGH
TypeUPDATED
PublishedWed, Mar 11 · 05:16 PM CDT
ModifiedTue, Jun 23 · 07:09 PM CDT
Wed, May 13 · 04:16 PM CDTCVE-2026-41957
8.8/10 · Worth your timeNVDvuln
Summary
An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVECVE-2026-41957
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 04:16 PM CDT
ModifiedTue, Jun 23 · 01:55 PM CDT