Lucene search
K

3178 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS6AI score0.41694EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-48862

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS5.5AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

9.3CVSS5.5AI score0.00185EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/05 3:48 p.m.6 views

CVE-2026-48103

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...

7.1CVSS5.3AI score0.00225EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:57 p.m.6 views

CVE-2026-48095

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...

8.8CVSS6.4AI score0.00938EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 6:7 a.m.18 views

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

8.1CVSS5.6AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.14 views

PT-2026-47013

Name of the Vulnerable Software and Affected Versions NetMan version 204 Description NetMan contains a hard-coded backdoor account with the username and password eurek that provides administrative access. A remote, unauthenticated attacker can authenticate through the "/cgi-bin/login.cgi" endpoin...

9.8CVSS5.4AI score0.00432EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/04 10:39 p.m.11 views

CVE-2023-5502 On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication.

On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication...

8.2CVSS5.5AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 10:39 p.m.28 views

CVE-2023-5502 On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication.

On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication...

8.2CVSS0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 4:1 p.m.14 views

CVE-2026-36612

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

6.4CVSS5.8AI score0.00139EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/04 2:15 p.m.12 views

Insertion of Sensitive Information Into Sent Data

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the setProxy function. An attacker can obtain sensitive proxy credentials by controlling a redirect target and causin...

8.7CVSS5.4AI score0.00532EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/04 1:22 p.m.10 views

EUVD-2019-20174

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which stems from the possibility for malicious attackers to bypass the 802.1x authentication requirements when...

8.2CVSS5.4AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 6:16 p.m.15 views

CVE-2026-36612

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

6.4CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 4:9 p.m.13 views

EUVD-2026-34137

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS5.8AI score0.41694EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/06/03 4:9 p.m.10 views

CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS7.6AI score0.41694EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 4:9 p.m.10 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS7.6AI score0.41694EPSS
In wildExploits3References2Affected Software1
Cvelist
Cvelist
added 2026/06/03 4:9 p.m.72 views

CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS0.41694EPSS
Exploits3References1
Cisco
Cisco
added 2026/06/03 4:0 p.m.36 views

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

8.6CVSS5.8AI score0.41694EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.65 views

PT-2026-45987

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions prior to 14SU6 Cisco Unified Communications Manager versions prior to 15SU5 Cisco Unified Communications Manager Session Management Edition affected versions not specified Description An...

8.6CVSS7.7AI score0.41694EPSS
Exploits3References177
Rows per page
Query Builder