Lucene search
+L

2348 matches found

redhatcve
redhatcve
added 2026/06/10 9:3 p.m.11 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References1
euvd
euvd
added 2026/06/10 8:32 p.m.16 views

EUVD-2026-36136

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...

7.5CVSS5.5AI score0.00539EPSS
Exploits1References2
wordfence
wordfence
added 2026/06/10 4:53 p.m.13 views

Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that...

8.1CVSS6.8AI score0.03578EPSS
Exploits3
cvelist
cvelist
added 2026/06/10 2:35 p.m.36 views

CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS0.00194EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.20 views

TDengine 数字错误漏洞

TDengine is an open-source, high-performance, cloud-native time series database developed by the TDengine company. There are digital error vulnerabilities in the TDengine 3.4.0.0 to 3.4.1.5 version. These vulnerabilities stem from unverified remote attackers sending specially crafted RPC packets,...

7.5CVSS5.4AI score0.00539EPSS
Exploits1References1
cve
cve
added 2026/06/09 5:34 p.m.35 views

CVE-2026-50636

CVE-2026-50636 affects LimeSurvey’s RemoteControl API, specifically the invite_participants and remind_participants methods. The root cause is that caller-supplied token-ID arrays are concatenated directly into a tid IN ('...') clause in TokenDynamic::findUninvited() without parameterization or i...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/09 3:46 a.m.40 views

CVE-2026-40983 Micrometer gRPC server instrumentation DoS vulnerability

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service DoS condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11...

7.5CVSS0.00474EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/09 3:46 a.m.40 views

CVE-2026-40983 Micrometer gRPC server instrumentation DoS vulnerability

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service DoS condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11...

7.5CVSS5.4AI score0.00474EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.21 views

PT-2026-47529

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified SAP ABAP Platform affected versions not specified Description Improper RFC Remote Procedure Call protocol validation in the SAP Kernel allows an unauthenticated attacker to...

10CVSS5.5AI score0.00437EPSS
Exploits0References22
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.19 views

PT-2026-47642

Name of the Vulnerable Software and Affected Versions Micrometer versions 1.16.0 through 1.16.5 Micrometer versions 1.15.0 through 1.15.11 Description A user can send specially crafted gRPC requests to cause a denial-of-service DoS condition, which is a state where the system becomes unavailable ...

7.5CVSS5.8AI score0.00474EPSS
Exploits0References9
ubuntu
ubuntu
added 2026/06/08 3:15 p.m.14 views

USN-8404-1: Transmission vulnerability

It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions...

5.3CVSS5.5AI score0.00305EPSS
Exploits0
osv
osv
added 2026/06/08 3:15 p.m.15 views

USN-8404-1 transmission vulnerability

It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions...

5.3CVSS5.5AI score0.00305EPSS
Exploits0References2
nessus
nessus
added 2026/06/06 12:0 a.m.20 views

RHEL 10 : image-builder (RHSA-2026:22937)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22937 advisory. A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes:...

10CVSS5.7AI score0.00765EPSS
Exploits2References19
redhatcve
redhatcve
added 2026/06/05 7:51 p.m.11 views

CVE-2025-62233

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...

6.3CVSS5.4AI score0.00537EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:27 p.m.12 views

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

8.8CVSS5.5AI score0.00171EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/05 1:24 p.m.10 views

CVE-2026-50233 Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

6.9CVSS5.6AI score0.00294EPSS
Exploits2References2
nvd
nvd
added 2026/06/05 12:17 a.m.16 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS0.00433EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.21 views

PT-2026-46930

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

8.4CVSS5.5AI score0.00541EPSS
Exploits0References2
nessus
nessus
added 2026/06/05 12:0 a.m.9 views

Ubuntu 14.04 LTS / 18.04 LTS : Linux kernel vulnerability (USN-8390-1)

The remote Ubuntu 14.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8390-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Fra...

8.8CVSS6AI score0.93235EPSS
Exploits31References2
ubuntu
ubuntu
added 2026/06/04 9:3 p.m.19 views

USN-8388-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8CVSS6.1AI score0.93235EPSS
Exploits57
Rows per page
Query Builder