Lucene search
+L

16159 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.8 views

CVE-2026-51606

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

7.5CVSS6AI score0.00324EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 12:0 a.m.10 views

CVE-2026-51606

CVE-2026-51606 affects Tenda CP3 v3.0 with firmware v31.1.9.91. The RTSP service suffers improper input handling: when an oversized field value is sent, the device terminates the TCP connection with an RST and does not return any RFC 2326‑compliant error response. Affected items include the reque...

7.5CVSS6AI score0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 12:0 a.m.34 views

CVE-2026-51606

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.7 views

PT-2026-56933

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 2025.4.6 Pimcore versions prior to 2026.1.6 Description An unauthenticated attacker who knows a valid admin username can take over an admin account by sending a password reset request containing an attacker-controlled...

8.8CVSS6.1AI score0.0035EPSS
Exploits0References7
NVD
NVD
added 2026/07/08 8:16 p.m.7 views

CVE-2026-36028

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...

6.8CVSS0.00237EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 4:16 p.m.13 views

CVE-2026-9074

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.8CVSS0.00507EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 3:24 p.m.17 views

CVE-2026-9074

IBM API Connect is affected by an unauthenticated SQL injection in the password reset flow for versions 10.0.8.0–10.0.8.9 and 12.1.0.0–12.1.0.3. The issue is a server-side SQL injection vulnerability that can be exploited without authentication, with network access required and no user interactio...

9.8CVSS6AI score0.00507EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/08 3:24 p.m.9 views

EUVD-2026-42307

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.1CVSS6AI score0.00507EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 3:24 p.m.34 views

CVE-2026-9074 IBM API Connect SQL Injection

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.1CVSS0.00507EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 9:16 a.m.7 views

CVE-2026-57256

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...

7.8CVSS0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 9:16 a.m.11 views

CVE-2026-57244

After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 9:16 a.m.11 views

CVE-2026-57249

After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...

7.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.8 views

CVE-2026-57249

After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/07/08 7:36 a.m.9 views

EUVD-2026-42204

After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 7:36 a.m.19 views

CVE-2026-57249

CVE-2026-57249 affects Foxit PDF Editor/Reader in the annotation handling path. After opening a PDF, the software resets the annotation status and triggers a reset form event; during the subsequent re-entry it accesses invalid objects, leading to a crash. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/07/08 7:36 a.m.6 views

EUVD-2026-42195

After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.6 views

CVE-2026-57244

After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/07/08 7:36 a.m.36 views

CVE-2026-57244 Foxit PDF Editor/Reader Form Control Use-After-Free Vulnerability

After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 7:36 a.m.19 views

CVE-2026-57244

CVE-2026-57244 affects Foxit PDF Editor/Reader Form Control. The root cause is a missing re-entry protection and object lifecycle verification during form synchronization after JavaScript resets, causing a control pointer dereference after a failure and resulting in a crash. The CVSSv3.1 vector i...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/07/08 7:36 a.m.13 views

CVE-2026-57250

CVE-2026-57250 affects Foxit PDF Editor/Reader when opening a PDF and JavaScript resets form fields, causing a re-entry into the interface that damages a native object. The app validates insufficiently, and the function call on the damaged object leads to a crash. The CVSS v3.1 vector is LOCAL/Ux...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder