{"source":"nvd-cve","name":"NVD CVE feed","kind":"widget","records":[{"id":"CVE-2026-4480","title":"CVE-2026-4480","subtitle":"A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the \"print command\" setting via the \"%J\"\nsubstitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.","value":"critical","href":""},{"id":"CVE-2026-4408","title":"CVE-2026-4408","subtitle":"A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the \"check password script\" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the \"check password script\" is used with %u and the samba-dcerpcd service is started as a system service.","value":"critical","href":""},{"id":"CVE-2026-45247","title":"CVE-2026-45247","subtitle":"Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.","value":"critical","href":""},{"id":"CVE-2026-44477","title":"CVE-2026-44477","subtitle":"CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ","value":"critical","href":""},{"id":"CVE-2026-46775","title":"CVE-2026-46775","subtitle":"Vulnerability in Oracle REST Data Services (component: Core).  Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services.  While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S","value":"critical","href":""},{"id":"CVE-2026-45323","title":"CVE-2026-45323","subtitle":"MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect (repeated) radio range to execute arbitrary javascript in the Home Assistant frontend of anyone viewing the card. This vulnerability is fixed in 0.3.3.","value":"critical","href":""},{"id":"CVE-2026-46833","title":"CVE-2026-46833","subtitle":"Vulnerability in the Net Service component of Oracle Database Server.  Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service.  While the vulnerability is in Net Service, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Net Service. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).","value":"critical","href":""},{"id":"CVE-2026-45353","title":"CVE-2026-45353","subtitle":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8,  This vulnerability is fixed in 3.9.0.","value":"critical","href":""},{"id":"CVE-2026-46819","title":"CVE-2026-46819","subtitle":"Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Internet Procurement Connector.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Internet Procurement Connector accessible data as well as  unauthorized access to critical data or complete access to all Or","value":"critical","href":""},{"id":"CVE-2024-4228","title":"CVE-2024-4228","subtitle":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection.\n\nThis issue affects SSO (Single Sign On): from 1.0 before 1.1.","value":"critical","href":""},{"id":"CVE-2024-3375","title":"CVE-2024-3375","subtitle":"Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.","value":"critical","href":""},{"id":"CVE-2024-3373","title":"CVE-2024-3373","subtitle":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.\n\nThis issue affects Website Template: before 1.2.","value":"critical","href":""},{"id":"CVE-2024-2865","title":"CVE-2024-2865","subtitle":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection.\n\nThis issue affects Quality Management System: through 25032024.","value":"critical","href":""},{"id":"CVE-2024-1744","title":"CVE-2024-1744","subtitle":"Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Accord ORS: before 7.3.2.1.","value":"critical","href":""},{"id":"CVE-2024-1202","title":"CVE-2024-1202","subtitle":"Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.\n\nThis issue affects Octopod: before v1. \n\nNOTE: The vendor was contacted and it was learned that the product is not supported.","value":"critical","href":""},{"id":"CVE-2024-1107","title":"CVE-2024-1107","subtitle":"Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Travel APPS: before v17.0.68.","value":"critical","href":""},{"id":"CVE-2024-1100","title":"CVE-2024-1100","subtitle":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.\n\nThis issue affects DIGIKENT GIS: through 2.23.5.","value":"critical","href":""},{"id":"CVE-2024-0949","title":"CVE-2024-0949","subtitle":"Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.\n\nThis issue affects Elektraweb: before v17.0.68.","value":"critical","href":""},{"id":"CVE-2024-0947","title":"CVE-2024-0947","subtitle":"Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.\n\nThis issue affects Elektraweb: before v17.0.68.","value":"critical","href":""},{"id":"CVE-2024-0857","title":"CVE-2024-0857","subtitle":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.\n\nThis issue affects FlexWater Corporate Water Management: before 5.452.0.","value":"critical","href":""},{"id":"CVE-2024-0851","title":"CVE-2024-0851","subtitle":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.\n\nThis issue affects Smartpower: through V24.05.27.","value":"critical","href":""},{"id":"CVE-2024-0336","title":"CVE-2024-0336","subtitle":"Missing Authentication for Critical Function vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects PDKS: from V3.04 before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.","value":"critical","href":""},{"id":"CVE-2026-33728","title":"CVE-2026-33728","subtitle":"dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnerability: First, dd-trace-java is attached as a Java agent (`-javaagent`) on Java 16 or earlier. Second, a JMX/RMI port ha","value":"critical","href":""},{"id":"CVE-2024-6684","title":"CVE-2024-6684","subtitle":"Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass.\n\nThis issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported.","value":"critical","href":""},{"id":"CVE-2024-6445","title":"CVE-2024-6445","subtitle":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.\n\nThis issue affects DataDiodeX: from v3.0.0 before v3.1.7.","value":"critical","href":""},{"id":"CVE-2024-6401","title":"CVE-2024-6401","subtitle":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.\n\nThis issue affects InsureE GL: before 4.6.2.","value":"critical","href":""},{"id":"CVE-2024-5960","title":"CVE-2024-5960","subtitle":"Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.\n\nThis issue affects Panel: before v2.3.24.","value":"critical","href":""},{"id":"CVE-2024-5959","title":"CVE-2024-5959","subtitle":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS.\n\nThis issue affects Panel: before v2.3.24.","value":"critical","href":""},{"id":"CVE-2024-5958","title":"CVE-2024-5958","subtitle":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection.\n\nThis issue affects Panel: before v2.3.24.","value":"critical","href":""},{"id":"CVE-2024-5683","title":"CVE-2024-5683","subtitle":"Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.\n\nThis issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.","value":"critical","href":""}],"count":30,"generated_at":"2026-06-04T08:41:22.947Z"}