Lucene search
+L

941 matches found

OSV
OSV
added 2026/07/08 8:6 p.m.5 views

CVE-2026-58214 NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS6.1AI score0.00349EPSS
Exploits0References7
CVE
CVE
added 2026/07/08 7:52 p.m.17 views

CVE-2026-58213

NATS Server (nats-server) before versions 2.14.1 and 2.12.9 is vulnerable: an MQTT client can include protocol control characters in subscription filters, which are later forwarded as NATS protocol data to route or leafnode connections. This corrupts the forwarded protocol stream and allows injec...

7.1CVSS6AI score0.00441EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/07/08 7:52 p.m.36 views

CVE-2026-58213 NATS Server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS0.00441EPSS
Exploits0References8
OSV
OSV
added 2026/07/08 7:52 p.m.4 views

CVE-2026-58213 NATS Server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS6.1AI score0.00441EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/07/08 7:40 p.m.6 views

CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS6AI score0.00463EPSS
Exploits0References7
CVE
CVE
added 2026/07/08 7:40 p.m.13 views

CVE-2026-58251

CVE-2026-58251 affects NATS Server prior to version 2.14.0, 2.12.7, and 2.11.16. An authenticated user with subscription deny permissions could bypass a plain Subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when ...

6.5CVSS6AI score0.00463EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.10 views

PT-2026-56562

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An authenticated MQTT client can subscribe to the internal $MQTT.deliver.pubrel subject family. This action allows the client to bypass configured subscribe...

4.3CVSS6.1AI score0.00349EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.18 views

CVE-2026-6242

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 11:52 p.m.8 views

CVE-2026-6242 Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:52 p.m.9 views

CVE-2026-6242

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References4
CVE
CVE
added 2026/06/05 11:52 p.m.34 views

CVE-2026-6242

The CVE-2026-6242 entry describes an authenticated format-string vulnerability in the ONVIF Subscribe service of TP-Link Tapo C520WS v2. The root cause is improper handling of externally supplied parameters within formatting functions, enabling an attacker with valid credentials to inject crafted...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 11:52 p.m.47 views

CVE-2026-6242 Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS0.00174EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7798

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.5AI score0.00645EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4409

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

6.5CVSS5.6AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS5.5AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.24 views

PT-2026-47079

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 5:9 p.m.47 views

CVE-2026-49121

CVE-2026-49121 affects AI Tensor Engine for ROCm (AITER) up to version 0.1.14. The vulnerability exists in the MessageQueue.recv() function in shm_broadcast.py, where an unauthenticated remote attacker can deliver a crafted pickle payload to a ZMQ SUB socket (no authentication, no HMAC, no format...

9.8CVSS6.7AI score0.01104EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/05/29 4:16 p.m.19 views

CVE-2026-10068

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

7.5CVSS0.00278EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 3:45 p.m.10 views

CVE-2026-10068 Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 3:45 p.m.29 views

CVE-2026-10068

CVE-2026-10068 affects Shibby Tomato 1.28. The vulnerability lies in the SUBSCRIBE Call Handler’s miniupnpd component, specifically the send function in usr/sbin/miniupnpd, enabling server-side request forgery. The issue can be triggered remotely and is documented as affecting products superseded...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
Rows per page
Query Builder