Lucene search
K

23194 matches found

EUVD
EUVD
added 2026/06/23 4:11 p.m.6 views

EUVD-2026-38496

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

7.1CVSS5.8AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 4:11 p.m.33 views

CVE-2026-56116 dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

7.1CVSS0.00187EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/23 4:11 p.m.5 views

CVE-2026-56116

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...

7.1CVSS5.8AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 4:11 p.m.16 views

CVE-2026-56116

CVE-2026-56116 affects dhcpcd up to version 10.3.2. The vulnerability is in the IPv6 Router Advertisement route information handling, where a memory leak can be triggered by an unauthenticated, same-link attacker sending crafted Router Advertisements. Specifically, Router Advertisements containin...

7.1CVSS5.8AI score0.00187EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/23 3:16 p.m.10 views

CVE-2026-35019

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

9.2CVSS0.00431EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 1:48 p.m.7 views

EUVD-2026-38453

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

9.2CVSS5.9AI score0.00431EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/23 1:28 p.m.9 views

CVE-2026-53663

A flaw was found in React Router. Insufficient Cross-Site Request Forgery CSRF checks in the framework mode allow a remote attacker to bypass these protections on PUT, PATCH, and DELETE requests. This could lead to a low integrity impact, where an attacker might be able to perform unintended...

3.1CVSS5.8AI score0.00106EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 1:16 p.m.11 views

CVE-2026-44089

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:8 p.m.6 views

EUVD-2026-38425

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:8 p.m.5 views

CVE-2026-44089

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51565

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description An issue in the IPv6 Router Advertisement route information handling allows an unauthenticated attacker on the same link to cause a denial of service. By repeatedly sending crafted Router...

7.1CVSS5.7AI score0.00187EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : MySQL vulnerabilities (USN-8457-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8457-1 advisory. It was discovered that MySQL Router incorrectly handled repeated TLS protocol upgrade requests. An unauthenticated remote...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 10:9 p.m.23 views

CVE-2026-54236 vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS0.00796EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 10:9 p.m.36 views

CVE-2026-54236

CVE-2026-54236 affects vLLM versions before 0.23.1rc0. Five code paths bypass the sanitize_message global exception handler, leaking heap addresses via exception messages: (1) Anthropic API router POST /v1/messages and POST /v1/messages/count_tokens (vllm/entrypoints/anthropic/api_router.py), (2)...

5.3CVSS5.9AI score0.00796EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/06/22 7:17 p.m.8 views

CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:39 p.m.41 views

CVE-2026-53663 React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 5:39 p.m.7 views

EUVD-2026-38338

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:39 p.m.17 views

CVE-2026-53663

React Router (v7 Framework Mode) is affected in versions 7.12.0–7.15.0 where CSRF checks run on POST but not on PUT/PATCH/DELETE; this could enable cross-origin state changes. The issue is considered low severity due to browser protections (CORS preflight, SameSite cookies). It has been fixed in ...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/22 12:27 p.m.8 views

CVE-2026-33245

A flaw was found in React Router. This vulnerability, a type of Cross-Site Scripting XSS, affects applications utilizing React Router's unstable React Server Components RSC APIs. A remote attacker could exploit this by sending untrusted redirects, leading to the execution of malicious scripts in...

8CVSS6AI score0.00188EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/22 12:31 a.m.9 views

EUVD-2026-38200

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...

6.5CVSS6.1AI score0.01182EPSS
Exploits0References6
Rows per page
Query Builder