Lucene search
K

2140 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 1:37 p.m.7 views

CVE-2026-48141

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions...

6CVSS5.8AI score0.0024EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 1:37 p.m.36 views

CVE-2026-48141 Memory leak in NI grpc-device BeginSidebandStream

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions...

6CVSS0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.69 views

PT-2026-50891

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References6
OSV
OSV
added 2026/06/18 3:57 p.m.10 views

ROOT-APP-GOBINARY-CVE-2026-33186 CVE-2026-33186 in rootio-google.golang.org/grpc - Patched by Root

Root has patched CVE-2026-33186 in the rootio-google.golang.org/grpc package for Root:Go. Multiple fixed versions available...

9.1CVSS7.6AI score0.00522EPSS
Exploits1
Snyk
Snyk
added 2026/06/18 3:20 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the agentid metadata in the gRPC communication process. An attacker can impersonate other agents on the same server by injecting a forged value into outgoing metadata, leading to unauthorized cross-tenant actions...

7.1CVSS6AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 2:13 p.m.22 views

CVE-2026-50141 Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS0.00246EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 8:16 p.m.14 views

CVE-2026-32682

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS0.00292EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/17 10:34 a.m.18 views

USN-8390-2: Linux kernel vulnerability

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8CVSS5.8AI score0.93235EPSS
Exploits31
OSV
OSV
added 2026/06/17 10:34 a.m.5 views

USN-8390-2 linux-azure, linux-gcp, linux-hwe, linux-oracle vulnerability

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8CVSS7AI score0.93235EPSS
Exploits31References2
OSV
OSV
added 2026/06/16 3:1 a.m.11 views

MAL-2026-5860 Malicious code in solana-js-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...

5.4AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/15 5:6 a.m.182 views

Exploit for CVE-2026-10795

CVE Lab: CVE-2026-10795 - UpdraftPlus UpdraftCentral RPC Authe...

8.1CVSS6.6AI score0.03578EPSS
Exploits3
EUVD
EUVD
added 2026/06/11 5:34 a.m.16 views

EUVD-2026-36215

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

8.1CVSS6.1AI score0.03578EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.39 views

PT-2026-48692

Name of the Vulnerable Software and Affected Versions @grpc/grpc-js versions prior to 1.9.16 @grpc/grpc-js versions prior to 1.10.12 @grpc/grpc-js versions prior to 1.11.4 @grpc/grpc-js versions prior to 1.12.7 @grpc/grpc-js versions prior to 1.13.5 @grpc/grpc-js versions prior to 1.14.4...

7.5CVSS5.8AI score0.00625EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Transmission vulnerability (USN-8404-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8404-1 advisory. It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker...

5.3CVSS5.6AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.12 views

CVE-2026-42542

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...

7.5CVSS0.00539EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.11 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 8:32 p.m.16 views

EUVD-2026-36136

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...

7.5CVSS5.5AI score0.00539EPSS
Exploits1References2
Wordfence Blog
Wordfence Blog
added 2026/06/10 4:53 p.m.13 views

Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that...

8.1CVSS6.8AI score0.03578EPSS
Exploits3
Cvelist
Cvelist
added 2026/06/10 2:35 p.m.36 views

CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS0.00194EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 5:34 p.m.35 views

CVE-2026-50636

CVE-2026-50636 affects LimeSurvey’s RemoteControl API, specifically the invite_participants and remind_participants methods. The root cause is that caller-supplied token-ID arrays are concatenated directly into a tid IN ('...') clause in TokenDynamic::findUninvited() without parameterization or i...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
Rows per page
Query Builder