
23990 matches found

Snyk
added 2026/05/18 11:47 a.m. | 7 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the support packet generation process. An attacker can access sensitive credentials in plaintext by downloading a support packet from the System Console. This is only exploitable if t...

CVSS 8.7 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 2

OSV
added 2026/05/18 10:08 a.m. | 7 views

OPENSUSE-SU-2026:20778-1 Security update for gnutls

This update for gnutls fixes the following issues:
- CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass (bsc#1263706).
- CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707).
- CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short...

CVSS 9.8 | AI score 5.8 | EPSS 0.01335
Exploits: 2 | References: 26

OSV
added 2026/05/18 10:01 a.m. | 4 views

OPENSUSE-SU-2026:20776-1 Security update for valkey

This update for valkey fixes the following issues:
- CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts (bsc#1258746).
- CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788).
- CVE-2026-23479: use-after-free in unblock client...

CVSS 8.8 | AI score 6.4 | EPSS 0.02995
Exploits: 4 | References: 10

OSV
added 2026/05/18 9:31 a.m. | 3 views

GHSA-82J6-4FQ7-FX62 Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

CVSS 7.6 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 4

OSV
added 2026/05/18 9:31 a.m. | 6 views

GHSA-9P64-JPC7-M2RP Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in...

CVSS 8.7 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 4

NVD
added 2026/05/18 9:16 a.m. | 19 views

CVE-2026-6347

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

CVSS 7.6 | EPSS 0.00256
Exploits: 0 | References: 1

EUVD
added 2026/05/18 8:30 a.m. | 10 views

EUVD-2026-30752

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

CVSS 7.6 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 1

OSV
added 2026/05/18 7:47 a.m. | 3 views

SUSE-SU-2026:1944-1 Security update for postgresql18

This update for postgresql18 fixes the following issues:
Update to version 18.4.
Security issues:
- CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172).
- CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173).
- CVE-2026-6474: Guard agains...

CVSS 8.8 | AI score 6.1 | EPSS 0.00668
Exploits: 0 | References: 24

CNNVD
added 2026/05/18 12:00 a.m. | 8 views

tinyMQTT resource management error vulnerability

tinyMQTT is a pre-sorted tree traversal algorithm library developed by 0x7C9A. There is a resource management vulnerability in tinyMQTT; this vulnerability stems from improper protocol handling during the parsing of CONNECT packets, which may lead to exhaustion of server resources. The following...

CVSS 7.5 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 1

EUVD
added 2026/05/18 12:00 a.m. | 17 views

EUVD-2026-30780

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item_count value that is not consistently...

CVSS 6.2 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/18 12:00 a.m. | 8 views

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item_count value that is not consistently...

AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 2

Cvelist
added 2026/05/18 12:00 a.m. | 42 views

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item_count value that is not consistently...

EPSS 0.00114
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/18 12:00 a.m. | 13 views

PT-2026-41661

Name of the Vulnerable Software and Affected Versions:
- Mattermost versions 11.5.0 through 11.5.1
- Mattermost versions 10.11.0 through 10.11.13
- Mattermost versions 11.4.0 through 11.4.3
Description: The Mattermost Calls plugin fails to sanitize sensitive configuration fields. This allows an attacker...

CVSS 7.6 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 10

ATTACKERKB
added 2026/05/18 12:00 a.m. | 9 views

CVE-2025-56352

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x0...

CVSS 7.5 | AI score 5.9 | EPSS 0.00278
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/18 12:00 a.m. | 6 views

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item_count value that is not consistently...

CVSS 6.2 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 3

CVE
added 2026/05/18 12:00 a.m. | 16 views

CVE-2026-38719

OpENer 2.3-558-g1e99582 contains an out-of-bounds read in the CPF parser (CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c). A crafted ENIP/CPF message can supply an attacker-controlled item_count that is not consistently validated against the remaining data_length of the CPF sl...

CVSS 6.2 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/18 12:00 a.m. | 11 views

PT-2026-41681

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item_count value that is not consistently...

AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 3

CNNVD
added 2026/05/18 12:00 a.m. | 10 views

OpENer buffer error vulnerability

OpENer is an open-source industrial Ethernet protocol stack developed by the EIP Stack Group, supporting connections for I/O devices. Version OpENer v2.3-558-g1e99582 contains a buffer error vulnerability. This vulnerability stems from an out-of-bounds read in the CreateCommonPacketFormatStructur...

CVSS 6.2 | AI score 6 | EPSS 0.00114
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/17 8:15 a.m. | 10 views

CVE-2026-8741 EMQX QoS 2 PUBLISH Packet emqx_persistent_session_ds.erl race condition

A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high complexity level is...

CVSS 3.1 | AI score 5 | EPSS 0.00282
Exploits: 1 | References: 5

EUVD
added 2026/05/17 8:15 a.m. | 18 views

EUVD-2026-30692

A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high complexity level is...

CVSS 3.1 | AI score 5 | EPSS 0.00282
Exploits: 1 | References: 5