Lucene search
K

555 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 12:0 a.m.3 views

CVE-2025-67113

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

6.2AI score0.01222EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/12 8:17 p.m.2 views

CRLF Injection

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to CRLF Injection via the upgrade option of the client.request function. An attacker can inject malicious data into HTTP headers or prematurely terminate HTTP requests by...

6.5CVSS5.9AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 6:28 p.m.5 views

GO-2026-4638 WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora

WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora...

7.6CVSS5.8AI score0.00255EPSS
Exploits1References4
OSV
OSV
added 2026/03/06 12:42 p.m.6 views

OESA-2026-1519 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: A malicious server can trigger a client-side heap buffer overflow, causing a crash DoS and potential heap...

9.8CVSS6.4AI score0.00756EPSS
Exploits18References28
Cvelist
Cvelist
added 2026/03/05 3:27 p.m.32 views

CVE-2026-30795 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...

8.7CVSS0.00271EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/02/23 1:45 a.m.23 views

freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution.

A flaw was found in FreeRDP. A malicious server can exploit an out-of-bounds read/write vulnerability in the ClearCodec component by sending crafted RDPGFX surface updates. This can trigger a client-side heap buffer overflow, leading to a crash Denial of Service DoS and potential heap corruption...

9.8CVSS6AI score0.00443EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.9 views

PT-2026-5305

Name of the Vulnerable Software and Affected Versions B&R PVI client versions prior to 6.5 Description An issue exists in B&R PVI client where an authenticated local attacker may be able to gather credential information. This occurs through the insertion of sensitive information into log files. T...

5.1CVSS5.8AI score0.00103EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/01/19 6:16 p.m.4 views

CVE-2026-23884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

9.8CVSS5.9AI score0.00402EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client's...

9.8CVSS6AI score0.00434EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/16 12:0 a.m.18 views

CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

8.1CVSS0.00879EPSS
Exploits0References3
CVE
CVE
added 2026/01/16 12:0 a.m.25 views

CVE-2025-62291

CVE-2025-62291 affects the eap-mschapv2 plugin in strongSwan (client-side). Vulnerable when using strongSwan before 6.0.3; a crafted EAP-MSCHAPv2 Failure message can trigger an integer underflow, potentially causing a heap-based buffer overflow. Connected advisories note patched packages: strongS...

8.1CVSS6.6AI score0.00879EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/01/16 12:0 a.m.9 views

CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

8.1CVSS6.8AI score0.00879EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/15 5:22 p.m.5 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

6.3CVSS6.5AI score0.00307EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.5 views

Astra Linux – Vulnerability in mbedtls

In Mbed TLS versions prior to 2.28.10, and 3.x versions prior to 3.6.3, on the client side, servers with trusted certificates for arbitrary hostnames are accepted, unless the TLS client application calls mbedtlssslsethostname...

5.4CVSS6AI score0.00184EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.10 views

CVE-2021-22980

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility CTU for Windows could allow an attacker to load a malicious DLL library from its current directory. User...

7.8CVSS6.7AI score0.00279EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.8 views

CVE-2019-20362

In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILESX86%\Teradici\PCoIP.exe instead of the intended pcoipvchanprintingsvc.exe file...

7.8CVSS7.1AI score0.00661EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:38 a.m.12 views

CVE-1999-0817

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet...

10CVSS7AI score0.03103EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.13 views

CVE-2019-12262

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies Logical Flaw...

9.8CVSS7AI score0.04116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:26 a.m.13 views

CVE-2019-12579

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA Linux/macOS binary openvpnlauncher.64 binary is setuid root. This binary accepts several...

7.8CVSS7.3AI score0.00808EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/30 10:41 p.m.6 views

CVE-2022-50799 Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the...

7.5CVSS6.3AI score0.00358EPSS
Exploits1References4
Rows per page
Query Builder