Lucene search
K

1812 matches found

CVE
CVE
added yesterday4 views

CVE-2026-58531

CVE-2026-58531 is a Windows SMB elevation-of-privilege vulnerability caused by a race condition in a shared resource. It affects Windows SMB components and enables an authorized attacker to elevate privileges over the network. CVSS v3.1 base score 7.5 (NETWORK, HIGH impact), per Microsoft’s advis...

7.5CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday3 views

CVE-2026-57089

CVE-2026-57089 affects the Windows SMB Server Network Transport Driver (srvnet.sys). It is a use-after-free vulnerability in srvnet.sys that could allow an unauthenticated attacker to execute code remotely over a network (remote code execution). The CVSSv3.1 base score is 7.5 (HIGH) with Network ...

7.5CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-50690

CVE-2026-50690 is a Windows SMB information-disclosure vulnerability described as caused by the use of an uninitialized resource within Windows SMB that can allow an authorized local attacker to disclose information. The CVE is linked to Microsoft advisories and MSRC updates addressing the issue,...

5.5CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-50360

The CVE-2026-50360 entry describes an Elevation of Privilege in Windows SMB Server caused by an incorrect authentication algorithm, allowing an authorized attacker to elevate privileges over the network. Published CVSS v3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base 8.8, HIGH). Windows has...

8.8CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58343

Name of the Vulnerable Software and Affected Versions Windows SMB Server affected versions not specified Description An incorrect implementation of the authentication algorithm in the Windows SMB Server allows an authorized attacker to elevate privileges over a network. Recommendations At the...

8.8CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43317

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : curl vulnerabilities (USN-8525-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8525-1 advisory. Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP...

9.8CVSS6.7AI score0.01378EPSS
Exploits10References11
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2535)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...

9.8CVSS6.9AI score0.0138EPSS
Exploits15References167
OSV
OSV
added last week4 views

CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

7.7CVSS6.3AI score0.01803EPSS
Exploits0References7
Cvelist
Cvelist
added last week39 views

CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS0.01803EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-60102

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/08 6:13 a.m.4 views

kernel: smb/client: fix out-of-bounds read in smb2_compound_op()

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...

9.1CVSS6.1AI score0.00478EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56520

Name of the Vulnerable Software and Affected Versions Horde Virtual File System VFS API versions prior to 3.0.1 Description The Horde Vfs Smb driver contains an OS command injection flaw where the escapeShellCommand method does not properly sanitize command substitution sequences. Authenticated...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/07/06 9:21 p.m.4 views

kernel: smb/client: fix out-of-bounds read in smb2_compound_op()

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...

9.1CVSS7.3AI score0.00478EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 6:31 a.m.5 views

OESA-2026-2869 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A...

9.8CVSS6.2AI score0.00595EPSS
Exploits2References46
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-8501-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8501-1 advisory. It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is know...

9.8CVSS6.8AI score0.00563EPSS
Exploits11References15
RedHat Linux
RedHat Linux
added 2026/06/29 10:56 p.m.6 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2026/06/29 7:59 p.m.5 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS6.6AI score0.00353EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2026/06/29 7:48 p.m.5 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS6.6AI score0.00353EPSS
Exploits4References7
Rows per page
Query Builder