Lucene search
K

4496 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.7 views

Hitachi Energy RTU500 Integer Overflow or Wraparound (CVE-2026-25210)

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation, primarily causing Denial of Service and potentially confidentiality and integrity impact to the product. Product is only...

7.8CVSS7.2AI score0.00193EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.135 views

Buffalo WSR-2533DHPL2 - Path Traversal

Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...

9.8CVSS8.3AI score0.99983EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.212 views

Zyxel NAS Firmware 5.21- Remote Code Execution

Multiple Zyxel network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using th...

10CVSS9.9AI score0.99988EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2026/06/14 3:49 a.m.10 views

CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.3AI score0.00291EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/11 6:5 p.m.74 views

Exploit for Command Injection in Tp-Link Tapo_C200_Firmware

🔍 CVE-2021-4045: Vulnerabilidad de Inyección de Comandos en...

10CVSS8AI score0.72185EPSS
Exploits10
Vulnrichment
Vulnrichment
added 2026/06/10 9:54 p.m.10 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/07 3:15 a.m.35 views

CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS0.01681EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/07 3:15 a.m.10 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS5.2AI score0.01681EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-35969

Uncontrolled search path for some IntelR Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of...

5.4CVSS5.3AI score0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32958

SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update...

6.9CVSS7.1AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS7.9AI score0.00274EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/05 5:5 a.m.17 views

Multiple TP-Link products vulnerable to cleartext transmission of sensitive information

Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS5.4AI score0.00097EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/03 8:8 a.m.11 views

TP-Link Archer BE450 and BE7200 vulnerable to OS command injection

Overview Archer BE450 and BE7200 provided by TP-Link contain the following vulnerability. OS command injection CWE-78 - CVE-2026-5509 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed...

8.5CVSS5.6AI score0.02458EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/31 6:16 p.m.101 views

Exploit for CVE-2022-42005

Tesla Security Research Vulnerability research on the Tesla M...

6.2AI score
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 7:4 p.m.10 views

CVE-2026-9037 Download of code without integrity check in XCharge C6

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 7:4 p.m.9 views

EUVD-2026-33002

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 7:4 p.m.38 views

CVE-2026-9037

The CVE-2026-9037 issue affects the XCharge C6 charging controller’s firmware update mechanism. The firmware update process does not validate the authenticity of firmware packages delivered via the device management interface, because cryptographic signatures are not verified. An attacker with ac...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 7:4 p.m.29 views

CVE-2026-9037 Download of code without integrity check in XCharge C6

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS0.00246EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.11 views

HP LaserJet Printers Insecure Default Initialization of Resource (CVE-2011-4161)

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables...

10CVSS6.2AI score0.13953EPSS
Exploits0References9
Rows per page
Query Builder