Lucene search
K

953052 matches found

CVE
CVE
added 2026/06/18 7:54 p.m.16 views

CVE-2026-49248

OneDev CVE-2026-49248 affects versions 15.0.6 and earlier. TarUtils.untar() creates symbolic links using entry getLinkName() without validating absolute path targets; a following file entry can traverse the symlink and write to arbitrary server-side locations. This enables RCE-like behavior for a...

8.3CVSS5.4AI score0.00382EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 7:44 p.m.6 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS5.7AI score0.0045EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/18 7:44 p.m.17 views

CVE-2026-43994 Coturn: Stack buffer overflow in decode_oauth_token_gcm()

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS0.0045EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/18 7:44 p.m.6 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

9.8CVSS6.1AI score0.0045EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/18 7:29 p.m.19 views

CVE-2026-56099 OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

6.9CVSS0.00423EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/06/18 7:26 p.m.15 views

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS0.00127EPSS
Exploits0References2
Metasploit
Metasploit
added 2026/06/18 7:1 p.m.105 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

9.2CVSS6.6AI score0.26468EPSS
Exploits3
Mageia
Mageia
added 2026/06/18 6:4 p.m.6 views

Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities

CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2026-308...

8.8CVSS7.6AI score0.00867EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.66 views

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

10CVSS8.4AI score0.6773EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.36 views

Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression (PCRE) library used in IBM Aspera Shares 1.9.2 and earlier

Question Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression PCRE library used in IBM Aspera Shares 1.9.2 and earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.32 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar

Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.63 views

Security Bulletin: Multiple vulnerabilities Perl Compatible Regular Expression (PCRE) libraries - IBM Aspera Shares Application

Question Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression PCRE libraries used in IBM Aspera Shares Application "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.36 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shar

Question Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares CVE-2016-6304, CVE-2016-2177, ... "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

9.8CVSS7.7AI score0.63029EPSS
Exploits2Affected Software1
The Hacker News
The Hacker News
added 2026/06/18 5:32 p.m.14 views

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 CVSS v4 score: 9.2 - A use-after-free vulnerability in the ngxhttpv3module that...

9.2CVSS6.8AI score0.03299EPSS
Exploits4
Cvelist
Cvelist
added 2026/06/18 5:30 p.m.18 views

CVE-2026-48985 pam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remote Field

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusbisloginctllocal can cause a NULL dereference crash when parsing loginctl output. The function calls popen and reads the result; if the Remote field is only a newline, fgets succeeds...

5.5CVSS0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 5:30 p.m.16 views

CVE-2026-48985

pam_usb (Linux hardware authentication) contains a NULL dereference in pusb_is_loginctl_local() when parsing loginctl output in versions ≤ 0.9.1. If the Remote field is just a newline, strtok_r(...) returns NULL and a subsequent strcmp(is_remote, "no") dereferences NULL, causing undefined behavio...

5.5CVSS5.4AI score0.00113EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.6 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.2AI score0.00671EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.6 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS5.3AI score0.00349EPSS
Exploits0References8
NVD
NVD
added 2026/06/18 5:16 p.m.13 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS0.01316EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 5:16 p.m.14 views

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS0.01316EPSS
Exploits0References1
Rows per page
Query Builder