CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

345 matches found

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

5.9CVSS0.00018EPSS

Exploits0References1

Tenable Nessus•added 2 days ago•2 views

Oracle Linux 8 : gnutls (ELSA-2026-20611)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20611 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

9.8CVSS5.9AI score0.00486EPSS

Exploits1References12

CVE•added 2 days ago•5 views

CVE-2026-36616

CVE-2026-36616 affects the Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The issue is the presence of hardcoded WiFi driver credentials embedded in the production firmware binary: a RADIUS shared secret, a WPS test key, and a default PSK. The vulnerability arises from these sensitive ...

5.9CVSS5.8AI score0.00018EPSS

Exploits0References1

NVD•added 4 days ago•9 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS0.00035EPSS

Exploits0References1

CVE•added 4 days ago•7 views

CVE-2026-10517

The CVE describes a flaw in Clair’s fetcher where it makes outbound HTTP requests to attacker-supplied URIs taken from manifest layer descriptors without filtering IPs or schemes. If PSK authentication is not configured, an unauthenticated attacker can submit a manifest pointing to internal servi...

5.8CVSS5.7AI score0.00035EPSS

Exploits0References1

Vulnrichment•added 4 days ago•7 views

CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance

5.8CVSS5.7AI score0.00035EPSS

Exploits0References1

ATTACKERKB•added 4 days ago•8 views

CVE-2026-10517

5.8CVSS5.7AI score0.00035EPSS

Exploits0References2

RedhatCVE•added 4 days ago•6 views

CVE-2026-10517

5.8CVSS5.7AI score0.00035EPSS

Exploits0References2

Positive Technologies•added 4 days ago•7 views

PT-2026-45353

5.8CVSS5.7AI score0.00035EPSS

Exploits0References2

Tenable Nessus•added 2026/05/29 12:0 a.m.•8 views

SUSE SLES15 Security Update : gnutls (SUSE-SU-2026:2087-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2087-1 advisory. This update for gnutls fixes the following issues - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive...

9.8CVSS5.9AI score0.00486EPSS

Exploits1References34

OSV•added 2026/05/26 2:17 p.m.•3 views

JLSEC-2026-521

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

9.8CVSS7.1AI score0.00844EPSS

Exploits0References24

RedHat Linux•added 2026/05/26 6:40 a.m.•7 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.00125EPSS

Exploits0References4

OSV•added 2026/05/18 10:8 a.m.•4 views

OPENSUSE-SU-2026:20778-1 Security update for gnutls

This update for gnutls fixes the following issues - CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass bsc1263706. - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. - CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short...

9.8CVSS5.8AI score0.00486EPSS

Exploits2References26

CNNVD•added 2026/05/11 12:0 a.m.•2 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the plugin/CloneSite/cloneClient.json.php file displaying the local CloneSite shared key in unvalidate...

7.5CVSS5.9AI score0.00041EPSS

Exploits0References1

EUVD•added 2026/05/07 12:31 p.m.•3 views

EUVD-2026-28354

7.1CVSS5.8AI score0.00125EPSS

Exploits0References3

NVD•added 2026/05/07 12:16 p.m.•10 views

CVE-2026-42010

9.8CVSS0.00125EPSS

Exploits0References6

OSV•added 2026/05/07 12:16 p.m.•1 views

ALPINE-CVE-2026-42010

9.8CVSS5.8AI score0.00125EPSS

Exploits0References1

Vulnrichment•added 2026/05/07 12:0 p.m.•5 views

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

7.1CVSS5.8AI score0.00125EPSS

Exploits0References6

RedhatCVE•added 2026/05/07 12:0 p.m.•7 views

CVE-2026-42010

9.8CVSS5.8AI score0.00125EPSS

Exploits0References3

CVE•added 2026/04/24 5:20 p.m.•8 views

CVE-2026-41898

CVE-2026-41898 affects the rust-openssl bindings for Rust. The vulnerability arises in the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb, where the user closure’s returned usize was forwarde...

9.8CVSS5.6AI score0.00063EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by