27014 matches found

RedhatCVE
added 2026/03/26 3:19 p.m. | 5 views

CVE-2025-67034

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges...

CVSS 8.8 | AI score 5.8 | EPSS 0.00489
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:19 p.m. | 6 views

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

CVSS 9.8 | AI score 6 | EPSS 0.00429
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:14 p.m. | 5 views

CVE-2026-4433

An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...

CVSS 4.8 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:11 p.m. | 3 views

CVE-2026-32879

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9 | AI score 5.8 | EPSS 0.00289
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:11 p.m. | 5 views

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...

CVSS 6.3 | AI score 5.8 | EPSS 0.00102
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:06 p.m. | 5 views

CVE-2026-22628

An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file...

CVSS 5.3 | AI score 5.9 | EPSS 0.00147
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:06 p.m. | 2 views

CVE-2026-22321

A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthenticated attacker sends an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...

CVSS 5.3 | AI score 6.2 | EPSS 0.00366
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:04 p.m. | 7 views

CVE-2026-21670

A vulnerability allowing a low-privileged user to extract saved SSH credentials...

CVSS 7.7 | AI score 7.3 | EPSS 0.00401
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:02 p.m. | 4 views

CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVSS 7.6 | AI score 5.8 | EPSS 0.0014
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:02 p.m. | 3 views

CVE-2026-32811

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits t...

CVSS 8.2 | AI score 5.7 | EPSS 0.003
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:02 p.m. | 6 views

CVE-2026-32030

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the...

CVSS 8.2 | AI score 5.9 | EPSS 0.00344
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 2:59 p.m. | 4 views

CVE-2026-20990

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

CVSS 8.4 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 2:58 p.m. | 6 views

CVE-2026-4558

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. T...

CVSS 9 | AI score 6.9 | EPSS 0.03628
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 2:57 p.m. | 5 views

CVE-2026-22727

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1

RedHat Linux
added 2026/03/26 2:51 p.m. | 10 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6

Red Hat OpenShift Service Mesh 3.1.6 This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....

CVSS 10 | AI score 7.3 | EPSS 0.01945
Exploits: 2 | References: 14

ICS
added 2026/03/26 6:00 a.m. | 4 views

PTC Windchill Product Lifecycle Management

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control...

CVSS 9.3 | AI score 6.5 | EPSS 0.00673
Exploits: 0 | References: 13

Circl
added 2026/03/26 3:00 a.m. | 3 views

CVE-2026-20113

creationtimestamp| type| source ---|---|--- 2026-03-26 03:00:10+00:00| seen|...

CVSS 5.3 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 2

Microsoft KB
added 2026/03/26 12:00 a.m. | 7 views

March 26, 2026—KB5079391 (OS Builds 26200.8116 and 26100.8116) Preview

March 26, 2026—KB5079391 (OS Builds 26200.8116 and 26100.8116) Preview This update is no longer being offered to new devices due to an installation issue identified after release. The issue has been addressed in the March 31, 2026—KB5086672 (OS Builds 26200.8117 and 26100.8117) Out-of-band update tha...

AI score 5.5
Exploits: 0

ATTACKERKB
added 2026/03/25 7:41 p.m. | 2 views

CVE-2026-33216

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

CVSS 8.6 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/03/25 6:31 p.m. | 4 views

EUVD-2026-15429

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

CVSS 6.5 | AI score 5.8 | EPSS 0.00093
Exploits: 0 | References: 2