Lucene search
K

14857 matches found

Nuclei
Nuclei
added 16 hours ago14 views

ThinkCMF X2.2.2 - Remote Code Execution

ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets. id: CVE-2020-20601 info: name: ThinkCMF X2.2.2 - Remote Code Execution author: pikpikcu severity: critical...

9.8CVSS7.6AI score0.07598EPSS
Exploits1References2
CVE
CVE
added yesterday6 views

CVE-2026-12659

The CVE-2026-12659 issue affects Rockwell Automation’s Flex 5000® Adapter. It is a denial-of-service vulnerability caused by improper handling of exceptional conditions when processing crafted CIP packets sent to the adapter. The impact is a loss of availability in the affected module and I/O, wi...

8.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-9653

The vulnerability CVE-2026-9653 affects Rockwell Automation 1756-EN2, EN3, and ENBT communication modules. It stems from improper validation of CIP Implicit Connection packets, enabling network-remote denial-of-service when an attacker sends crafted packets; device connections recover immediately...

8.7CVSS6.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-50721

A flaw was found in Libreswan's implementation of IKEv1 authentication via raw RSA signatures. When processing an IKEv1 packet using PKCS 1 v1.5 RSA encryption, the RSAauthenticatehashsignaturerawrsa function fails to properly validate the length of the authentication hash. A remote,...

8.1CVSS6AI score0.00392EPSS
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-43603

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

9.1CVSS6.1AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-51537

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

0.00186EPSS
Exploits0References2
CVE
CVE
added 2 days ago15 views

CVE-2026-51537

OpENer 2.3.0 (commit 76b95cf) contains an out-of-bounds read in the Connection Manager when processing malformed ForwardOpen/LargeForwardOpen requests, allowing a remote attacker to trigger the issue over the network without authentication. Red Hat notes potential denial of service or information...

9.1CVSS6.1AI score0.00186EPSS
Exploits0References2
Nuclei
Nuclei
added 4 days ago79 views

Cisco Unified IP Conference Station 7937G - Denial-of-Service

Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned...

7.8CVSS7AI score0.7977EPSS
Exploits5References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42706

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...

7.1CVSS6AI score0.00269EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-15169

A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service DoS by sending a specially crafted Universal Mobile Telecommunications System UMTS FP protocol packet. The flaw resides in the UMTS FP protocol dissector, which can lead to a crash of the...

7.5CVSS6AI score0.00218EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-15166

A flaw was found in Wireshark, a network protocol analyzer. An attacker could exploit this vulnerability by sending a specially crafted network packet, which would cause the IEEE 802.11 protocol dissector to crash. This issue results in a denial of service, making the Wireshark application...

5.7CVSS5.9AI score0.00133EPSS
Exploits1References5
NVD
NVD
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58210

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS0.00732EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 8:13 p.m.36 views

CVE-2026-58210 NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS0.00732EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 8:13 p.m.11 views

CVE-2026-58210

CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...

7.5CVSS6AI score0.00732EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/08 8:13 p.m.5 views

CVE-2026-58210 NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References7
NVD
NVD
added 2026/07/08 5:17 p.m.8 views

CVE-2026-29007

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS0.00472EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56560

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An unauthenticated MQTT client can cause the server to consume excessive memory by sending large incomplete MQTT CONNECT packets. The server retains these...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/07/07 2:14 p.m.8 views

freerdp: FreeRDP: Arbitrary code execution via crafted RDPGFX PDUs

A heap-buffer-overflow vulnerability exists in FreeRDP when handling Remote Desktop Protocol Graphics RDPGFX. A malicious or compromised RDP server can exploit this flaw by sending specially crafted graphics packets to a connected client, potentially crashing the client application Denial of...

8.8CVSS7.5AI score0.0042EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.5 views

PT-2026-56281

Name of the Vulnerable Software and Affected Versions Fire-Boltt Smartwatch FB BGS001 version MOY-JS14-2.0.4 Description Improper authentication allows the device to accept GATT Write Request commands without sufficient authentication or strong session validation. This enables a nearby device to...

9.8CVSS6.1AI score0.00373EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 6:26 a.m.5 views

OESA-2026-2807 radvd security update

The router advertisement daemon radvd is run by Linux or BSD systems acting as IPv6 routers. It sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6...

8.8CVSS6.2AI score0.00203EPSS
Exploits0References2
Rows per page
Query Builder