
22185 matches found

CVE
added 2026/01/23 7:46 a.m., 165 views

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. This vulnerability (CVE-2026-24515) is reflected across multiple advisories/plugins; remediation is to update expat to version 2.7.4 or newer, where the issue is fixed.

CVSS 2.9 | AI score 5.4 | EPSS 0.0017
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/23 7:46 a.m., 30 views

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data...

CVSS 2.9 | EPSS 0.0017
Exploits: 0 | References: 1

AlpineLinux
added 2026/01/23 7:46 a.m., 4 views

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data...

CVSS 2.9 | AI score 5.3 | EPSS 0.0017
Exploits: 0

UbuntuCve
added 2026/01/23 12:0 a.m., 4 views

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data...

CVSS 2.9 | AI score 7.1 | EPSS 0.0017
Exploits: 0 | References: 5

CNNVD
added 2026/01/23 12:0 a.m., 5 views

ToDesktop Builder security vulnerabilities

ToDesktop Builder is a desktop application building tool developed by ToDesktop Company in Ireland. Version 0.33.0 of ToDesktop Builder contains a security vulnerability. This vulnerability stems from improper permissions granted to the custom URL scheme handler, which may allow attackers to invo...

CVSS 7.1 | AI score 5.8 | EPSS 0.0022
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/23 12:0 a.m., 7 views

PT-2026-4497

Name of the Vulnerable Software and Affected Versions: ToDesktop Builder version 0.33.0. Description: A flaw exists in the Custom URL Scheme handler within ToDesktop Builder. Insufficient validation when invoking external protocol handlers from the renderer context allows attackers with...

CVSS 7.1 | AI score 5.3 | EPSS 0.0022
Exploits: 0 | References: 6

OSV
added 2026/01/22 3:16 p.m., 6 views

CVE-2026-1327

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVSS 8.8 | AI score 5.7 | EPSS 0.02646
Exploits: 1 | References: 5

NVD
added 2026/01/22 3:16 p.m., 4 views

CVE-2026-1327

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVSS 8.8 | EPSS 0.02646
Exploits: 1 | References: 5

NVD
added 2026/01/22 3:16 p.m., 6 views

CVE-2026-1326

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...

CVSS 8.8 | EPSS 0.03212
Exploits: 1 | References: 5

OSV
added 2026/01/22 3:16 p.m., 8 views

CVE-2026-1326

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...

CVSS 8.8 | AI score 5.7 | EPSS 0.03212
Exploits: 1 | References: 5

ATTACKERKB
added 2026/01/22 2:2 p.m., 3 views

CVE-2026-1327

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVSS 8.8 | AI score 6.4 | EPSS 0.02646
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/01/22 1:2 p.m., 5 views

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVSS 9 | AI score 5.3 | EPSS 0.06437
Exploits: 1 | References: 4

Cvelist
added 2026/01/22 1:2 p.m., 19 views

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVSS 9 | EPSS 0.06437
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/22 1:2 p.m., 4 views

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVSS 9.8 | AI score 7.5 | EPSS 0.06437
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2026/01/22 11:5 a.m., 6 views

HTTP Request Smuggling

io.vertx:vertx-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of / in the output buffer by the removeDots function in Static Handler, which allows an attacker to prevent access to static files by sending specifically crafted request URIs that exploit...

CVSS 6.9 | AI score 6 | EPSS 0.00343
Exploits: 1 | References: 5 | Affected Software: 1

SUSE CVE
added 2026/01/22 12:38 a.m., 5 views

SUSE CVE-2025-15282

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

CVSS 6.5 | AI score 5.4 | EPSS 0.0048
Exploits: 0 | References: 24

Tenable Nessus
added 2026/01/22 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27028)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27028 advisory. - In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointe...

CVSS 6.5 | AI score 6.9 | EPSS 0.01176
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/22 12:0 a.m., 10 views

PT-2026-3932

Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Management System versions up to 3.0.12. Description: A flaw exists in Sangfor Operation and Maintenance Management System. This issue is related to the SessionController function within the SSH Protocol Handler...

CVSS 9.8 | AI score 7.2 | EPSS 0.06437
Exploits: 1 | References: 10

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-23147)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23147 advisory. - In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in...

CVSS 5.5 | AI score 6.6 | EPSS 0.00176
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: keepalived (CVE-2024-41184)

The version of keepalived installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41184 advisory. - In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can...

CVSS 9.8 | AI score 5.7 | EPSS 0.00616
Exploits: 0 | References: 2