Lucene search
K

168 matches found

Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26313

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl DecodePacket. The underflow wraps a 16-bit length to a large...

2.1CVSS6.1AI score0.00251EPSS
Exploits0References5
CVE
CVE
added 2026/03/13 9:39 p.m.30 views

CVE-2026-32724

The CVE-2026-32724 vulnerability affects PX4 Autopilot: a heap-use-after-free in MavlinkShell::available() caused by a race between the MAVLink receiver thread (shell creation/destruction) and the telemetry sender thread (polling output). It is triggerable remotely via MAVLink SERIAL_CONTROL mess...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/03/05 9:59 p.m.19 views

CVE-2026-28448

OpenClaw OpenClaw (Twitch plugin) versions 2026.1.29 through 2026.2.0 are affected. The vulnerability resides in the Twitch plugin’s access-control logic (checkTwitchAccessControl in extensions/twitch/src/access-control.ts): when allowFrom is configured and allowedRoles is unset or empty, the cod...

9.4CVSS5.9AI score0.00444EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/02/06 3:48 a.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the SessionDeletionResponse function of the SMF component. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference remotely. Remediation Upgrad...

7.5CVSS6.1AI score0.00526EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.5 views

CVE-2025-68699

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...

6.5CVSS5.2AI score0.00264EPSS
Exploits1References1
CVE
CVE
added 2026/02/03 7:32 p.m.15 views

CVE-2025-64438

Fast DDS (eProsima) before versions 3.4.1, 3.3.1, and 2.6.11 has a remotely triggerable OOM DoS via RTPS GAP submessages under RELIABLE QoS. A tiny GAP with a huge gap range causes StatefulReader::processGapMsg() to loop unboundedly, inserting millions of sequence numbers into WriterProxy::change...

7.5CVSS5.5AI score0.0054EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/01/16 8:10 p.m.764 views

CVE-2026-23744

CVE-2026-23744 affects MCPJam Inspector up to version 1.4.2. The Nuclei template and related sources describe a remote code execution (RCE) vulnerability exploitable via the /api/mcp/connect endpoint. The flaw arises from passing user-controlled input to shell execution, and the service is expose...

9.8CVSS7.7AI score0.38374EPSS
In wildExploits30References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.8 views

CVE-2022-31710

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service...

7.5CVSS7AI score0.0147EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000318 advisory. An issue was found in Linux kernel before 5.5.4. mwifiexretwmmgetstatus in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buff...

7.1CVSS6.8AI score0.01218EPSS
Exploits0References4
NVD
NVD
added 2026/01/05 8:15 a.m.6 views

CVE-2026-0580

A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely...

6.1CVSS0.00189EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.24 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a remote device sending an invalid connection request during a BT connectable LE scan, which could result in a transient denial of service...

6.5CVSS6.7AI score0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 1:45 p.m.4 views

CVE-2025-41707

The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality...

5.3CVSS6.9AI score0.0144EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-18200

Malware in sbrugna...

9.8CVSS9.2AI score0.02415EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-29571

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01164EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-26423

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00233EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-15979

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01187EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25737

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00636EPSS
Exploits1References1
NVD
NVD
added 2025/10/01 10:15 p.m.14 views

CVE-2025-54811

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1CVSS0.00199EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/22 2:32 a.m.8 views

CVE-2025-10778 Smartstore Gift Voucher confirm race condition

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

3.1CVSS0.00223EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/18 12:29 p.m.3 views

CVE-2025-55118

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n"; Control-M/Agent 9.0.21 and 9.0.22: Agent router...

8.9CVSS6.7AI score0.00343EPSS
Exploits0References1
Rows per page
Query Builder