Lucene search
K

67 matches found

Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.10 views

PT-2026-22323

Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions 10.22 and prior Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows code injection. Insufficient input validation in certain parameters may permit unexpected...

9.8CVSS6AI score0.00392EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/02/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed...

7.5CVSS5.9AI score0.00478EPSS
Exploits0References3
NVD
NVD
added 2026/02/05 7:15 p.m.5 views

CVE-2026-1301

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...

6.8CVSS0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/05 7:9 p.m.3 views

CVE-2026-1301

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...

6.8CVSS5.3AI score0.00343EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/05 7:9 p.m.7 views

EUVD-2026-5530

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...

6.8CVSS5.3AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/02/05 12:16 p.m.7 views

CVE-2026-23796

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

9.8CVSS0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6627

Name of the Vulnerable Software and Affected Versions Versions prior to 2026-1301 Description A specially crafted JSON message can cause a heap overflow in the PubSub JSON decoder before authentication. This can lead to a process crash and memory corruption. The issue occurs in builds with PubSub...

6.8CVSS5.5AI score0.00343EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.7 views

o6 Automation Open62541 缓冲区错误漏洞

o6 Automation Open62541 is an industrial automation toolset developed by the German company o6 Automation. o6 Automation Open62541 contains a buffer error vulnerability; this vulnerability arises from specially crafted JSON messages that may cause the decoder to write data beyond the allocated he...

6.8CVSS6AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/02 12:19 a.m.8 views

CVE-2025-63529

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating...

8.8CVSS7AI score0.00328EPSS
Exploits1References1
OSV
OSV
added 2025/10/17 4:3 p.m.7 views

CVE-2025-59043 OpenBao vulnerable to denial of service via malicious JSON request processing

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...

7.5CVSS6.7AI score0.00655EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2012-6582

Malware in sbrugna...

9.3CVSS6.3AI score0.01462EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/08/10 6:14 p.m.16 views

CVE-2012-10053

Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf without proper bounds checking, leading to a buffer overflow on the stack. This...

9.3CVSS8.3AI score0.01462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.6 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

3.7CVSS5.9AI score0.00665EPSS
Exploits1References1
OSV
OSV
added 2023/03/27 3:15 p.m.4 views

CVE-2023-1139

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution...

8.8CVSS7.8AI score0.01255EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.3 views

SUSE CVE-2013-4119

FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service NULL pointer dereference and application crash by disconnecting before authentication has finished...

7.5CVSS7AI score0.04327EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.6 views

SUSE CVE-2017-5495

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP port...

7.5CVSS6.5AI score0.18803EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.3 views

SUSE CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different...

7.4CVSS7.5AI score0.10114EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.5 views

PrinterLogic Web Stack 命令注入漏洞

PrinterLogic Web Stack PrinterLogic Printer Installer is a native web application from PrinterLogic, Inc. Enables It departments to manage and automate the creation/dissemination of Printer Objects and Printer Drivers across print environments from a single management console. A command injection...

9.3CVSS8.5AI score0.05662EPSS
Exploits1References8
CNNVD
CNNVD
added 2021/01/29 12:0 a.m.5 views

D-Link DIR-825 缓冲区错误漏洞

The D-Link DIR-825 is a router from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in D-Link DIR-825 R1 devices 3.0.1 and earlier versions, which originates from a buffer overflow in the web interface and can be exploited by an attacker to achieve remote code execution prior ...

10CVSS8.2AI score0.5432EPSS
Exploits1References3
CNVD
CNVD
added 2021/01/18 12:0 a.m.1 views

Theonedev Onedev Injection Vulnerability

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev An injection vulnerabili...

10CVSS7.8AI score0.74191EPSS
Exploits0References1
Rows per page
Query Builder