Lucene search
K

2890 matches found

Cvelist
Cvelist
added 10 hours ago9 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS
Exploits0References1
Nuclei
Nuclei
added 11 hours ago45 views

FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.3AI score0.01937EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago163 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

10CVSS7.3AI score0.17894EPSS
Exploits1References2
OSV
OSV
added 5 days ago5 views

USN-8498-1 linux-nvidia-tegra vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References298
OSV
OSV
added 5 days ago5 views

USN-8492-2 linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References300
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.139 views

ZyXel USG - Hardcoded Credentials

A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. id: CVE-2020-29583 info: name: ZyXel USG - Hardcoded Credentials autho...

10CVSS7.6AI score0.90049EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and...

5.5CVSS6.1AI score0.00168EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 8:16 a.m.4 views

CVE-2026-53152

A flaw was found in the Linux kernel's dwmmc-rockchip driver. This vulnerability occurs because older controllers such as rk2928, rk3066, and rk3188 lack necessary private data. When the system attempts to access this missing data, it results in a NULL-pointer dereference. This can lead to system...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.6 views

SUSE CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.8AI score0.00168EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS5.7AI score0.00168EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 8:38 a.m.18 views

CVE-2026-53152

CVE-2026-53152 affects the Linux kernel dw_mmc-rockchip driver. Older RK SoCs (rk2928, rk3066, rk3188) lacked required private data, leading to NULL-pointer dereferences when the init code accessed missing phase/driver data. The vulnerability is resolved by the commit ff6f0286c896, which adds the...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/25 8:38 a.m.3 views

EUVD-2026-39243

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.8AI score0.00168EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.4 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS5.7AI score0.00168EPSS
Exploits0
EUVD
EUVD
added 2026/06/22 11:43 a.m.10 views

EUVD-2026-38225

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

9.4CVSS6AI score0.00362EPSS
Exploits0References16
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Samba

A design flaw was identified in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users with the GETCHANGES permission to access all attributes, including sensitive...

7.5CVSS6.7AI score0.01151EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 p.m.16 views

CVE-2026-9307

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attack...

6.3CVSS0.00298EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 3:16 p.m.13 views

CVE-2025-11694

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/16 1:42 p.m.6 views

CVE-2026-9307 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attack...

6.3CVSS5.3AI score0.00298EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 1:42 p.m.30 views

CVE-2026-9307

The CVE-2026-9307 issue affects CompactLogix 5370 controllers where the web server exposes CIP Connection IDs on the diagnostics page to unauthenticated users, enabling an attacker to craft malicious packets and cause Denial-of-Service. The available documents do not specify affected firmware ver...

6.3CVSS5.3AI score0.00298EPSS
Exploits0References1
Rows per page
Query Builder