Lucene search
+L

753 matches found

nvd
nvd
added 2026/06/18 2:17 p.m.12 views

CVE-2026-40456

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS0.00947EPSS
Exploits0References3
osv
osv
added 2026/06/18 1:56 p.m.5 views

GHSA-VXGJ-XG5C-P4H7 praisonaiagents: SSRF guard validates literal IPs only and never resolves DNS

praisonaiagents: SSRF guard validates literal IPs only and never resolves DNS Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Target: https://github.com/MervinPraison/PraisonAI Weakness: CWE-918 Server-Side Request Forgery SSRF. --- Summary The SSRF gua...

8.5CVSS5.4AI score
Exploits0References2
cvelist
cvelist
added 2026/06/16 1:39 p.m.34 views

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS0.0017EPSS
Exploits0References1
cve
cve
added 2026/06/16 1:39 p.m.46 views

CVE-2025-11694

The CVE-2025-11694 issue affects 1769 CompactLogix controllers (CIP protocol). The root cause is missing validation of sequence numbers and source IP addresses, enabling an attacker to abuse exposed Connection IDs visible on the web interface to trigger denial-of-service conditions resulting in a...

8.7CVSS5.3AI score0.0017EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/16 1:39 p.m.7 views

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS5.3AI score0.0017EPSS
Exploits0References1
susecve
susecve
added 2026/06/13 2:19 a.m.52 views

SUSE CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

5.3CVSS5.3AI score0.00684EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/12 2:6 p.m.9 views

CVE-2026-44894 Netty's Default QUIC token handler accepts any client-supplied token

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS5.3AI score0.00143EPSS
Exploits0References2
redhat
redhat
added 2026/06/11 1:24 p.m.13 views

openssl: NULL pointer dereference in QUIC server initial packet handling

A flaw was found in the OpenSSL QUIC Quick UDP Internet Connections server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server's address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References4
redhat
redhat
added 2026/06/11 1:9 p.m.9 views

openssl: NULL pointer dereference in QUIC server initial packet handling

A flaw was found in the OpenSSL QUIC Quick UDP Internet Connections server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server's address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/10 1:31 p.m.15 views

CVE-2026-42764

A flaw was found in the OpenSSL QUIC Quick UDP Internet Connections server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server's address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References3
nessus
nessus
added 2026/06/10 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-42764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation...

7.5CVSS5.9AI score0.00684EPSS
Exploits0References3
snyk
snyk
added 2026/06/09 6:33 p.m.12 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the QUIC server when address validation is disabled. An attacker can crash the server by sending an initial packet with an invalid or expired token. Address validation is enabled by default, so this is...

8.7CVSS7.1AI score0.00684EPSS
Exploits0References2
euvd
euvd
added 2026/06/09 6:30 p.m.13 views

EUVD-2026-35481

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References5
nvd
nvd
added 2026/06/09 5:17 p.m.11 views

CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS0.00684EPSS
Exploits0References4
osv
osv
added 2026/06/09 5:17 p.m.9 views

ALPINE-CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/09 4:3 p.m.36 views

CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

0.00684EPSS
Exploits0References4
osv
osv
added 2026/06/09 4:3 p.m.1 views

CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS7.1AI score0.00684EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/09 4:3 p.m.10 views

CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

5.5AI score0.00684EPSS
Exploits0References4
cve
cve
added 2026/06/09 4:3 p.m.50 views

CVE-2026-42764

In OpenSSL’s QUIC server implementation, receiving a QUIC initial packet with an invalid or expired token can trigger a NULL pointer dereference, potentially crashing the server and causing a Denial of Service. The issue occurs when address validation is disabled, specifically when SSL_LISTENER_F...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References4Affected Software1
alpinelinux
alpinelinux
added 2026/06/09 4:3 p.m.10 views

CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS5.5AI score0.00684EPSS
Exploits0
Rows per page
Query Builder