7977 matches found
CVE-2026-44761
SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...
CVE-2026-44761
SAP Commerce Cloud is affected by CVE-2026-44761, where a sample OAuth2 client may retain publicly documented sample credentials from SAP Help Portal configuration. If left unchanged, an unauthenticated attacker could obtain a valid access token and invoke certain APIs to read and modify data, re...
The vulnerability of the team_port_add() function in the drivers/net/team/team_core.c file of the Linux kernel’s network device driver module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the teamportadd function in the drivers/net/team/teamcore.c file of the Linux kernel’s network device driver module is related to state management errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...
The vulnerability of the gs_usb_xmit_callback() function in the drivers/net/can/usb/gs_usb.c file of the Linux kernel’s CAN network device driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the gsusbxmitcallback function in the drivers/net/can/usb/gsusb.c file of the Linux network device driver module is related to the failure to release resources after their useful life has ended. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of ImageMagick’s PSD format file processor allows attackers to compromise the confidentiality of protected information.
The vulnerability of ImageMagick’s PSD format file processor relates to reading data beyond the permitted range of memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality of the protected information...
The vulnerability of the console-based graphic editor ImageMagick arises from the possibility of an operation exceeding the buffer boundaries in memory, allowing attackers to compromise the integrity and accessibility of the protected information.
The vulnerability of the console-based graphic editor ImageMagick is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the integrity and accessibility of the protected information...
Use Of A Broken Or Risky Cryptographic Algorithm
BC-JAVA bcprov is vulnerable to the Use of a Broken or Risky Cryptographic Algorithm. The vulnerability is due to flaws in the G3413CTRBlockCipher implementation, where the affected cryptographic algorithm can provide weakened cryptographic protection, allowing attackers to compromise the...
libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse
A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...
rrdtool: rrdtool: Stack buffer overflow allows local code execution or denial of service
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...
The vulnerability of the `alloc_choose_arg_map()` function in the `net/ceph/osdmap.c` module, which is part of the Linux kernel’s networking functions, allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the allocchooseargmap function in the net/ceph/osdmap.c module, which is part of the Linux kernel’s networking functions, relates to the pointer manipulation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility...
Vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird, which allow attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable due to dependencies on behaviors that are uncertain for each type of implementation. Exploiting this vulnerability allows a malicious actor to compromise...
PYSEC-2026-381 Langroid has a Code Injection vulnerability in TableChatAgent
Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...
The vulnerability of the br_nd_send() function in the Linux operating system allows a attacker to compromise the confidentiality and accessibility of the protected information.
The vulnerability of the brndsend function in the Linux operating system is related to reading data beyond the permitted range of memory. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality and accessibility of protected information...
CVE-2026-52911
A flaw was found in the ksmbd component of the Linux kernel. This vulnerability allows an attacker to gain unauthorized access to session information or resources by exploiting an improper scope in the session binding mechanism. This could potentially compromise the integrity or confidentiality o...
Vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird, which allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable due to dependencies on behaviors that are uncertain for each type of implementation. Exploiting this vulnerability allows a malicious actor to compromise...
ROS-20260622-73-0017
The vulnerability of the DOM component in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protecte...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel in versions prior to 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel. This allows anyone between the two endpoints to read the unencrypted...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel. A memory use-after-free vulnerability was identified in the perf subsystem, allowing a local attacker with permission to monitor perf events, thereby corrupting memory and potentially escalating privileges. The most significant threat of this vulnerabili...
The vulnerability of WebRTC technology in Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of WebRTC technology in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility o...
Vulnerability of the DOM component: Device Interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, which allow attackers to compromise the integrity and accessibility of protected information.
Vulnerability of the DOM component: Device interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable due to operations that go beyond the buffer in memory. Exploitation of this vulnerability can allow a remote attacker to compromise the integrity and accessibilit...