Lucene search
K

1849 matches found

CVE
CVE
added 6 days ago16 views

CVE-2026-14629

RT-Thread up to 5.2.2 contains a vulnerability in the Parameter Handler’s lwp_syscall.c, affecting the read/write/sys_ioctl functions. The root cause is a divide-by-zero condition, exploitable remotely. The exploit has been published, and a patch is pending acceptance via a pull request. No remed...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-14629 RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS0.00309EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago14 views

PT-2026-55706

Name of the Vulnerable Software and Affected Versions RT-Thread versions prior to 5.2.3 Description A flaw in the Parameter Handler component allows a remote attacker to cause a divide by zero error. This issue occurs within the read, write, and sys ioctl functions located in the components/lwp/l...

5.3CVSS6AI score0.00309EPSS
Exploits0References13
NVD
NVD
added last week7 views

CVE-2026-14607

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument aiaddr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

6.8CVSS0.00119EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/29 6:43 a.m.12 views

EUVD-2026-33255

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/25 7:33 a.m.13 views

CVE-2026-8368

A flaw was found in LWP::UserAgent, a component of perl-libwww-perl. This vulnerability allows a remote attacker to obtain a user's credentials by redirecting a request to an attacker-controlled host. When processing a redirect, the LWP::UserAgent fails to properly strip Authorization and...

6.5CVSS5.7AI score0.00266EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/05/17 8:1 a.m.11 views

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

...

6.5CVSS5.8AI score0.00266EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/13 2:25 p.m.11 views

SUSE CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

5.3CVSS5.8AI score0.00266EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/12 3:16 p.m.12 views

CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 2:1 p.m.8 views

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

5.8AI score0.00266EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

LWP::UserAgent 安全漏洞

LWP::UserAgent is a web user agent class open source from libwww-perl, used for sending HTTP requests. Versions of LWP::UserAgent prior to version 6.83 have security vulnerabilities. These vulnerabilities stem from improper handling of the Authorization and Proxy-Authorization headers during...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References1
Gitee
Gitee
added 2025/09/06 8:39 p.m.89 views

Crypt-SSLeay

This is a Perl module called Crypt::SSLeay, which provides OpenSSL support for LWP Library for WWW in Perl. The module is used to handle SSL/TLS connections and is part of the LWP distribution. The module has a version of 0.7304 and is maintained by A. Sinan Unur, David Landgren, Joshua Chamas, a...

7.1AI score
Exploits0
OSV
OSV
added 2025/06/09 8:31 a.m.6 views

CVE-2025-5869 RT-Thread lwp_syscall.c sys_recvfrom memory corruption

A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sysrecvfrom of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument from leads to memory corruption...

8.6CVSS6.9AI score0.00744EPSS
Exploits1References6
OSV
OSV
added 2025/06/09 8:0 a.m.5 views

CVE-2025-5868 RT-Thread lwp_syscall.c sys_thread_sigprocmask array index

A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function systhreadsigprocmask of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument how leads to improper validation of array index...

8.6CVSS6.8AI score0.01018EPSS
Exploits1References6
OSV
OSV
added 2025/06/09 7:31 a.m.4 views

CVE-2025-5867 RT-Thread lwp_syscall.c csys_sendto null pointer dereference

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csyssendto of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument to leads to null pointer dereference...

8.6CVSS7AI score0.01008EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.6 views

RT-Thread 安全漏洞

RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. A security vulnerability exists in RT-Thread version 5.1.0, which stems from a null pointer dereference due to the operation of the parameter to in the file rt-thread/components/lwp/lwpsyscall.c. The...

9.8CVSS7.8AI score0.01008EPSS
Exploits1References4
OSV
OSV
added 2025/02/08 10:0 a.m.4 views

CVE-2025-1115 RT-Thread lwp_syscall.c sys_timer_settime information disclosure

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function...

4.8CVSS5.1AI score0.00289EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/02/08 12:0 a.m.4 views

PT-2025-6016 · Rt-Thread · Rt-Thread

Name of the Vulnerable Software and Affected Versions: RT-Thread versions up to 5.1.0 Description: A problematic vulnerability was found in RT-Thread. The issue affects the sys thread create function of the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the argument arg0 leads t...

4.8CVSS4.3AI score0.00289EPSS
Exploits1References11
OSV
OSV
added 2024/06/15 12:0 a.m.11 views

OPENSUSE-SU-2024:10239-1 perl-LWP-Protocol-https-6.06-1.4 on GA media

These are all security issues fixed in the perl-LWP-Protocol-https-6.06-1.4 package on the GA media of openSUSE Tumbleweed...

5.9CVSS5.7AI score0.01602EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2023/08/29 12:0 a.m.304 views

i-Gallery 3.4 Database Disclosure

==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

7.1AI score
Exploits0
Rows per page
Query Builder