38271 matches found
Intelbras NPLUG 1.0.0.14 - Authentication Bypass
Intelbras NPLUG 1.0.0.14 is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication by simply setting a cookie named "admin:". id: CVE-2018-12455 info: name: Intelbras NPLUG 1.0.0.14 - Authentication Bypass author: ritikchaddha severity: critical...
AVTECH DVR - Login Verification Code Bypass
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...
GTranslate < 2.8.65 - Cross-Site Scripting
In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...
SAP Internet Graphics Server (IGS) - XML External Entity Injection
SAP Internet Graphics Servers IGS running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection XXE vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag...
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...
EUVD-2026-44918
HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal...
CVE-2026-53366 ipv4: account for fraggap on the paged allocation path
In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In ipappenddata, when the paged-allocation branch is taken, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen;...
CVE-2026-47083
Cyrus IMAPd up to 3.12.2 contains a cross-user ESEARCH content oracle: an authenticated IMAP user can enumerate folder names under any account they can name, with search returning message UIDs (no full content access). Root cause: ESEARCH handling exposes per-account folder/UID metadata to other ...
Rapid7 MDR Team Discovers New SonicWall SMA1000 Zero Days being Actively Exploited (CVE-2026-15409, CVE-2026-15410)
Overview On July 14, 2026, SonicWall published a security advisory addressing two vulnerabilities affecting SMA1000 Series remote access appliances, including the critical server-side request forgery SSRF vulnerability CVE-2026-15409 CVSS 10.0 and the high-severity code injection vulnerability...
CVE-2026-47703
Summary: CVE-2026-47703 affects AdGuard Home and its DoQ-to-UDP forwarding path. Prior to version 0.107.75, the backend UDP path could collapse the DNS transaction ID (txid) to 0 on client-triggered DoQ queries, reducing the entropy of the backend tuple from (txid, source-port) to only the source...
CVE-2026-47737
A flaw was found in Puma, a Ruby/Rack web server. When setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used, Puma incorrectly re-parses PROXY protocol headers after each keep-alive request on the same connection. This allows a remote attacker to inject a second PROXY...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
USN-8546-1 linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...
The vulnerability of the Linux operating system’s kernel, which stems from the inability to release resources after their useful lifespan has ended, allows attackers to trigger service failures.
The vulnerability of the Linux operating system’s kernel is related to the failure to release resources after their useful lifespan has ended. Exploiting this vulnerability allows a remote attacker to cause service interruptions through specially created IPv6 traffic...
CVE-2026-50696
Heap-based buffer overflow in Windows Internet Key Exchange IKE Protocol allows an unauthorized attacker to deny service over a network...
CVE-2026-50306 Windows TCP/IP Elevation of Privilege Vulnerability
...
CVE-2026-50696 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
...
CVE-2026-50696
CVE-2026-50696 is a heap-based buffer overflow in the Windows Internet Key Exchange (IKE) Protocol that allows an unauthenticated, network-based attacker to cause a denial of service. The vulnerability is documented across several sources (NVD and CVE records), with a CVSS v3.1 base score of 7.5 ...
SUSE-SU-2026:2989-1 Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.166 fixes various security issues The following security issues were fixed: - CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmcrelease bsc1264094. - CVE-2026-43037: ip6tunnel: clear skb2-cb in ip4ip6err bsc1265197. -...