126798 matches found
EUVD-2026-41651
Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-57987
Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41649
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41648
Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-57983
Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...
EUVD-2026-41647
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-56645
Heap-based buffer overflow in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability. id: CVE-2021-21881 info: name:...
Intelbras WIN 300/WRN 342 - Credentials Disclosure
Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code. id: CVE-2021-3017 info: name: Intelbras WIN 300/WRN 342 - Credentials Disclosure author: pikpikcu severity: high description:...
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...
TOTOLink - Unauthenticated Command Injection
TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter. id: CVE-2022-25082 info: name: TOTOLink -...
Geutebruck - Remote Command Injection
Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-33544 info: name: Geutebruck - Remote Command Injection author: gy741 severit...
Oracle WebLogic Server - Remote Code Execution
Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 contains a remote code execution caused by unauthenticated access via T3, IIOP, letting attackers take over the server, exploit requires network access. id: CVE-2021-2135 info: name: Oracle WebLogic Server - Remote Code Execution author:...
KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...
SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery
SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...
Gradio - Server-Side Request Forgery
A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...
Oracle E-Business Suite - Blind SSRF
Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...
CVE-2026-56015 Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length
Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...
CVE-2026-54891
A flaw was found in Erlang's SSL Secure Sockets Layer component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS Transport Layer Security handshake. The client application may then process this injected data as if it wer...
CVE-2026-58653
creationtimestamp| type| source ---|---|--- 2026-07-03 04:07:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mppobtmlft22 2026-07-03 12:05:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqiy6folx2b...