Lucene search
K

87 matches found

CVE
CVE
added 2026/06/29 12:15 a.m.15 views

CVE-2026-13518

CVE-2026-13518 affects Tenda JD12L firmware 16.03.53.23. The vulnerability targets the function fromAddressNat in the file /goform/addressNat, where manipulation of the argument page causes a stack-based buffer overflow. Remote exploitation is possible, and the exploit has been disclosed publicly...

9CVSS7.6AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 12:15 a.m.8 views

EUVD-2026-40015

A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the publ...

9CVSS7.6AI score0.00466EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/11 6:38 p.m.25 views

CVE-2026-47170 Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

7.7CVSS0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48709

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

7.7CVSS5.5AI score0.00209EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.35 views

CVE-2026-42771 Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()

Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:3 p.m.32 views

CVE-2026-42771

CVE-2026-42771 describes a vulnerability in OpenSSL where an internal helper used by X509_VERIFY_PARAM_set1_email/set2_email validates the local part of an email addresses and may not enforce the 64-octet limit, causing an out-of-bounds read. This can lead to a crash (DoS) when an application pro...

6.2CVSS5.6AI score0.0019EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47841

Issue summary: When the X509 VERIFY PARAM set1 email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so...

5.6AI score0.0019EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.6 views

CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

6.5CVSS5.5AI score0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 8:37 p.m.32 views

CVE-2026-43880 WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated...

5.3CVSS0.00229EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 9:30 p.m.7 views

EUVD-2026-28437

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

5.8AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 8:16 p.m.12 views

CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

6.5CVSS0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 7:54 p.m.43 views

CVE-2026-8142 CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

0.00115EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:54 p.m.7 views

CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

6.5CVSS5.8AI score0.00115EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 7:54 p.m.20 views

CVE-2026-8142

Technical details are not publicly available in the provided documents. Monitor for updates.

6.5CVSS5.8AI score0.00115EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 7:54 p.m.7 views

CVE-2026-8142 CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

5.8AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.9 views

PT-2026-38572

Name of the Vulnerable Software and Affected Versions VINCE versions 3.0.38 and earlier Description Encoding confusion prevents the proper verification of the authenticity of the From address. This allows the From address to be used for unauthorized automated actions, such as ticket creation or...

6.5CVSS5.8AI score0.00115EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

VINCE 安全漏洞

VINCE is an open-source CERT coordination center developed and used by the U.S. CERT Coordination Center. It serves as a platform for improving vulnerability disclosure efforts. Versions of VINCE prior to 3.0.38 contained security vulnerabilities. These vulnerabilities were caused by code...

6.5CVSS5.9AI score0.00115EPSS
Exploits0References1
CVE
CVE
added 2026/04/12 8:15 a.m.18 views

CVE-2026-6123

The CVE-2026-6123 entry concerns Tenda F451 1.0.0.7. Affected component: httpd, function fromAddressNat in /goform/addressNat. Root cause: manipulation of the argument entrys leads to a stack-based buffer overflow. Impact: remote code execution possible due to overflow; high confidentiality, inte...

9CVSS7.8AI score0.00518EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-5685

A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used...

9CVSS7.9AI score0.00694EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:30 p.m.6 views

CVE-2026-5685

A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used...

9CVSS7.9AI score0.00694EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder