Lucene search
K

6946 matches found

RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.13 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

7.8CVSS5.4AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.14 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1
OSV
OSV
added 2026/06/06 12:4 p.m.11 views

RLSA-2026:23388 Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

7.5CVSS5.5AI score0.0076EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.8 views

CVE-2026-28580

In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.8 views

CVE-2026-31236

A flaw was found in the llm CLI tool. An attacker can exploit a code injection vulnerability by crafting a malicious command with arbitrary Python code in the --functions argument. If a victim is tricked into running this command, it leads to arbitrary code execution on their system, potentially...

9.8CVSS6AI score0.00327EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34261

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

6.5CVSS5.5AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44003

A flaw was found in vm2 before 3.11.0. A code transformer fast-path skips AST analysis when catch, import, and async are absent, allowing direct access to VM2INTERNALSTATEDONOTUSEORPROGRAMWILLFAIL and internal security functions handleException, wrapWith, import. Fixed in 3.11.0...

5.8CVSS5.8AI score0.00248EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.7 views

CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

7.2CVSS5.3AI score0.04544EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45431

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-6508

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS5.4AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39371

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger...

8.1CVSS5.3AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 1:24 p.m.9 views

EUVD-2026-34831

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS5.3AI score0.00197EPSS
Exploits2References2
NVD
NVD
added 2026/06/05 11:16 a.m.10 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

7.8CVSS0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 10:15 a.m.27 views

CVE-2026-21030

CVE-2026-21030 describes an improper access control issue in MediaTek Audio HAL prior to the SMR Jun-2026 Release 1, enabling local attackers to trigger privileged functions. The affected component is MediaTek Audio HAL; root cause is improper access control, with impact described as privileged a...

7.8CVSS5.5AI score0.00094EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.8 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

6.4CVSS5.5AI score0.00094EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/05 10:15 a.m.9 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

6.4CVSS5.4AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 10:15 a.m.10 views

EUVD-2026-34802

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

7.8CVSS5.4AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. This includes smartphones, tablets, etc. Devices prior to the SMR Jun-2026 Release 1 version have security vulnerabilities. These vulnerabilities stem from improper access control, which may allo...

7.8CVSS5.4AI score0.00094EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.8 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS5.7AI score0.00337EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 12:4 p.m.33 views

CVE-2026-45431

CVE-2026-45431 affects GX Earth ONT models. The issue stems from improper handling of user-supplied input in multiple diagnostic functions within the web management interface, enabling an authenticated remote attacker to inject commands and achieve remote code execution with root privileges. The ...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References1
Rows per page
Query Builder