Lucene search
K

3282 matches found

CVE
CVE
added 2026/06/03 12:0 a.m.20 views

CVE-2026-36608

The advisory concerns the Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909. A UPnP AddPortMapping issue allows an unauthenticated LAN attacker to forward external ports to the router’s admin interface by abusing the InternalClient field (accepting 192.168.1.1 or 127.0.0.1). This en...

8.8CVSS5.8AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-45991

Name of the Vulnerable Software and Affected Versions Mercusys AC12G EU V1 version AC12GEU V1 200909 Description The device exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. Universal Plug and Play UPnP, a protocol that allow...

8.1CVSS5.6AI score0.00211EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 8:18 a.m.5 views

SUSE-SU-2026:21955-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References3
CVE
CVE
added 2026/05/31 9:11 p.m.28 views

CVE-2026-48210

CVE-2026-48210 concerns an improper default configuration in OTRS 2026.3.1 . The vulnerability makes ticket article forwarding enforce the “Is visible for customer” flag by default and prevents users from disabling it via the UI. This causes unintended exposure of internal ticket information to t...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/31 9:11 p.m.9 views

CVE-2026-48210 Possible information disclosure via External Interface

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/31 5:29 p.m.97 views

Exploit for Improper Authentication in Google Android

DEDSECBKIF DEDSECBKIF is a keystroke injection tool for Androi...

6.3CVSS7AI score0.07879EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.16 views

PT-2026-45213

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 7:16 p.m.12 views

CVE-2026-44652

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS0.00375EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:43 p.m.13 views

EUVD-2026-33399

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 5:43 p.m.15 views

CVE-2026-44652 SillyTavern: SSRF vulnerability in the CORS proxy middleware

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

SillyTavern 代码问题漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 had code vulnerabilities. This vulnerability stemmed from the corsProxyMiddleware module, which directly forwarded req.params.url to fetchurl, .... This allowed loop request...

6.9CVSS5.9AI score0.00375EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:9 a.m.8 views

net: bridge: use a stable FDB dst snapshot in RCU readers

...

7CVSS5.4AI score0.00123EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:32 p.m.12 views

CVE-2026-45322

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.runshell passes a command string...

7.8CVSS5.7AI score0.01722EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/27 5:17 p.m.10 views

CVE-2026-46086

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 2:17 p.m.5 views

UBUNTU-CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/27 12:58 p.m.12 views

EUVD-2026-32469

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.8AI score0.00123EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/27 12:58 p.m.9 views

CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.5CVSS5.7AI score0.00123EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/27 12:58 p.m.55 views

CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

7.9CVSS0.00121EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:16 a.m.18 views

Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

...

9.1CVSS5.8AI score0.00346EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the net module using the unnecessary WARNONONCE macro when accessing the forwarding path array...

5.8AI score0.00156EPSS
Exploits0References7
Rows per page
Query Builder