5.3

CVSS4.0

CVE-2026-3066 - HummerRisk Cloud Compliance Scanning PlatformUtils.java fixedCommand command injection

A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command i…

📅 Published: Feb. 24, 2026, 3:02 a.m. 🔄 Last Modified: Feb. 24, 2026, 3:02 a.m.

6.9

CVSS4.0

CVE-2026-27461 - Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized…

📅 Published: Feb. 24, 2026, 2:50 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:50 a.m.

7.2

CVSS3.1

CVE-2026-1459 -

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected devi…

📅 Published: Feb. 24, 2026, 2:48 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:48 a.m.

5.7

CVSS4.0

CVE-2026-27129 - Cloud Metadata SSRF Protection Bypass via IPv6 Resolution

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname()`, which only resolves IPv4 addresses. When a hostname has only AAAA (IPv6) records, the function returns th…

📅 Published: Feb. 24, 2026, 2:45 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:45 a.m.

6.9

CVSS4.0

CVE-2026-27128 - Craft CMS's race condition in Token Service potentially allows for token usage greater than the tok…

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The `getTokenRoute()` method reads a tok…

📅 Published: Feb. 24, 2026, 2:42 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:42 a.m.

7

CVSS4.0

CVE-2026-27127 - Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use (TOCTOU) vulnerability enables DNS rebin…

📅 Published: Feb. 24, 2026, 2:39 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:39 a.m.

8.8

CVSS3.1

CVE-2025-13943 -

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

📅 Published: Feb. 24, 2026, 2:38 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:38 a.m.

9.8

CVSS3.1

CVE-2025-13942 -

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

📅 Published: Feb. 24, 2026, 2:32 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:32 a.m.

5.3

CVSS4.0

CVE-2026-3065 - HummerRisk Cloud Task Dry-run CloudTaskService.java CommandUtils.commonExecCmdWithResult command in…

A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote exploitation of the a…

📅 Published: Feb. 24, 2026, 2:32 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:32 a.m.

5.3

CVSS4.0

CVE-2026-3064 - HummerRisk Cloud Task Scheduler ResourceCreateService.java command injection

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launched …

📅 Published: Feb. 24, 2026, 2:32 a.m. 🔄 Last Modified: Feb. 24, 2026, 2:32 a.m.
Total results: 334424