Lucene search
K

527 matches found

OSV
OSV
added 6 days ago3 views

DEBIAN-CVE-2026-53290

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-52929

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the xe eu stall stream close function. The drm dev put function is called before the stream is disabled and its resources are freed. If this call drops t...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References6
Debian CVE
Debian CVE
added last week5 views

CVE-2026-13282

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

6.8CVSS5.8AI score0.00115EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51892

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL dereference exists in the nf osf ttl function within the netfilter nfnetlink osf module. The function accessed skb-dev to perform a local interface address lookup withou...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452data. The original logic for getting mma8452data is incorrect. The dev points to the device belonging to iiodev. We cannot use this dev to find the correct i2cclient. The...

5.5CVSS6.1AI score0.00237EPSS
Exploits0References2
CERT
CERT
added 2026/06/17 12:0 a.m.6 views

SignalRGB kernel driver contains improper access control and IOCTL vulnerabilities

Overview The SignalRGB kernel driver, SignalIo.sys, contains two vulnerabilities involving improper access control and unsafe memory handling. The device object is created with an overly permissive Discretionary Access Control List DACL that allows user-mode processes to access privileged hardwar...

7.5CVSS5.5AI score0.00278EPSS
Exploits0
NVD
NVD
added 2026/06/12 3:16 p.m.15 views

CVE-2026-7368

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.7 views

PT-2026-52482

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficiently protected credentials stored within firmware or system files may allow an unauthenticated attacker to gain unauthorized access and expose sensitiv...

8.7CVSS7AI score0.00247EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2026-33570

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

6.9CVSS5.4AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 10:38 a.m.18 views

CVE-2026-35075

CVE-2026-35075: An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image, gaining full access to all affected devices. The Connected documents confirm the vulnerability allows extraction of the credential from firmware and implies full device compromise;...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/03 10:38 a.m.47 views

CVE-2026-35075 Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS0.00466EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 10:38 a.m.12 views

EUVD-2026-34071

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:38 a.m.7 views

CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 5:11 p.m.12 views

CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with on-chip select control in the spi microchip-core-qspi component. This vulnerability...

5.8AI score0.00121EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/21 3:29 p.m.14 views

CVE-2026-43498

A flaw was found in the Linux kernel's accel/ivpu module. This vulnerability allows for the re-exporting of imported Graphics Execution Manager GEM buffers. When these buffers are re-exported, it leads to a loss of their original flag settings, which can result in incorrect device access and...

7.8CVSS5.8AI score0.00113EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/21 12:17 p.m.44 views

CVE-2026-43498 accel/ivpu: Disallow re-exporting imported GEM objects

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

7.8CVSS0.00113EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 12:17 p.m.13 views

EUVD-2026-31272

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

5.9AI score0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.14 views

CVE-2026-36738

CVE-2026-36738 affects the U-SPEED AC1200 Gigabit Wi‑Fi Router (Model: T18-21K, V1.0). The UART interface is exposed with no authentication/authorization, allowing a physically present attacker to access device functionality unrestrictedly. Documents do not specify affected firmware versions, exp...

6.8CVSS5.8AI score0.00299EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.9 views

CVE-2026-36738

U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...

5.8AI score0.00299EPSS
Exploits1References2
Rows per page
Query Builder