Lucene search
K

14253 matches found

EUVD
EUVD
‱added 2026/06/17 8:5 p.m.‱8 views

EUVD-2026-37793

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS5.4AI score0.00292EPSS
Exploits0References1
CVE
CVE
‱added 2026/06/17 8:5 p.m.‱24 views

CVE-2026-32682

The CVE-2026-32682 entry concerns NGINX Gateway Fabric. The vulnerability arises when GRPCRoutes are configured; an authenticated user with permission to create or modify GRPCRoute resources can cause the control plane to terminate by sending undisclosed GRPCRoute configurations containing backen...

7.1CVSS5.5AI score0.00292EPSS
Exploits0References1Affected Software1
EUVD
EUVD
‱added 2026/06/17 8:4 p.m.‱9 views

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS5.6AI score0.00492EPSS
Exploits0References1
Cvelist
Cvelist
‱added 2026/06/17 4:17 p.m.‱20 views

CVE-2026-20220 Cisco Crosswork Network Controller Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

6.3CVSS0.00253EPSS
Exploits0References1
CVE
CVE
‱added 2026/06/17 4:17 p.m.‱20 views

CVE-2026-20220

Cisco CVE-2026-20220 affects the web-based management interface of Cisco Crosswork Network Controller. The root cause is insufficient input validation in the configuration template engine. An authenticated attacker with write permissions to a template user can send crafted requests to execute arb...

6.3CVSS6.2AI score0.00253EPSS
Exploits0References1Affected Software1
CVE
CVE
‱added 2026/06/17 4:16 p.m.‱85 views

CVE-2026-20181

Cisco ISE/ISE-PIC in Cisco IOS XE is affected by CVE-2026-20181. The CVE entry describes authenticated remote command execution via crafted HTTP input with privilege escalation to root and potential DoS in single-node deployments. Connected PT-security material (PT-2026-34270) references a separa...

9.1CVSS5.9AI score0.00748EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
‱added 2026/06/17 2:4 p.m.‱22 views

CVE-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS0.00567EPSS
Exploits0References1
RedHat Linux
RedHat Linux
‱added 2026/06/17 10:41 a.m.‱7 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6AI score0.02995EPSS
Exploits0References6
RedHat Linux
RedHat Linux
‱added 2026/06/17 10:41 a.m.‱6 views

redis: use-after-free in unblock client flow may allow remote code execution

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

8.8CVSS6.1AI score0.01286EPSS
Exploits4References6
Positive Technologies
Positive Technologies
‱added 2026/06/17 12:0 a.m.‱19 views

PT-2026-50533

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description When configured using GRPCRoutes, an authenticated remote attacker with permissions to create or modify GRPCRoute resources can cause the control plane to terminate. This occurs ...

7.1CVSS5.9AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
‱added 2026/06/16 9:32 p.m.‱10 views

EUVD-2026-37206

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS5.4AI score0.00921EPSS
Exploits0References2
CVE
CVE
‱added 2026/06/16 6:36 p.m.‱10 views

CVE-2026-22313

The CVE-2026-22313 entry concerns Radiflow iSAP Smart Collector. A webserver exposes a REST API on the management network protected only by a token. An OS command injection vulnerability allows an authenticated attacker to execute arbitrary commands as the underlying OS user with administrative p...

9.1CVSS5.4AI score0.00921EPSS
Exploits0References1
Snyk
Snyk
‱added 2026/06/16 5:34 p.m.‱6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the monitor API endpoints, which lack proper ownership enforcement. An attacker can read, modify, rename, or permanently delete another user's messages, sessions, build artifacts, and...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References2
Cvelist
Cvelist
‱added 2026/06/16 4:4 p.m.‱27 views

CVE-2024-30476

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser...

5.4CVSS0.00199EPSS
Exploits0References1
CVE
CVE
‱added 2026/06/16 3:24 p.m.‱14 views

CVE-2024-24909

The CVE affects Dell OpenManage Integration with Microsoft Windows Admin Center, specifically the gateway plugin, which contains a Remote Code Execution vulnerability. A remote authenticated user could potentially escalate privileges and run arbitrary code remotely, with a CVSS v3.1 base score of...

8.8CVSS5.9AI score0.00448EPSS
Exploits0References1
RedHat Linux
RedHat Linux
‱added 2026/06/16 1:39 p.m.‱7 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6AI score0.02995EPSS
Exploits0References6
RedHat Linux
RedHat Linux
‱added 2026/06/16 1:39 p.m.‱8 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.5AI score0.01782EPSS
Exploits0References6
RedHat Linux
RedHat Linux
‱added 2026/06/16 12:14 p.m.‱227 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6AI score0.02995EPSS
Exploits0References6
NVD
NVD
‱added 2026/06/16 10:16 a.m.‱9 views

CVE-2026-10825

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...

7.1CVSS0.0024EPSS
Exploits0References1
CVE
CVE
‱added 2026/06/16 8:51 a.m.‱12 views

CVE-2026-10825

Technical details such as affected products, specific versions, root-cause, and exploit information are not publicly provided in the supplied documents; monitor for updates.

7.1CVSS5.2AI score0.0024EPSS
Exploits0References1
Rows per page
Query Builder