Lucene search
K

1881 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 4:2 p.m.7 views

CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS5.4AI score0.00449EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 4:2 p.m.13 views

EUVD-2026-35473

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS5.4AI score0.00449EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/09 4:2 p.m.7 views

CVE-2026-49842

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS5.4AI score0.00449EPSS
Exploits0References2
NCSC
NCSC
added 2026/06/08 8:31 a.m.20 views

Vulnerabilities present in IBM Aspera High-Speed Transfer Endpoint and Server

IBM has identified vulnerabilities in the IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1. These vulnerabilities reside in the asperahttpd component of the IBM Aspera High-Speed Transfer Endpoint and Server products. A buffer overflow can lead to...

9.8CVSS6.1AI score0.0058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.8 views

CVE-2026-3220

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

8.8CVSS5.6AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

7.5CVSS5.4AI score0.00344EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.8 views

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

8.8CVSS5.5AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.8 views

CVE-2026-36959

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...

7.5CVSS5.5AI score0.00368EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5CVSS5.7AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.6 views

CVE-2026-45212

Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through = 1.4.0.3...

5.3CVSS5.5AI score0.00225EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2026/06/04 9:17 p.m.16 views

From Operating Model to Product: How We Built the ROC for Detection-Speed Remediation

In the first article in this series, we made the case for a prevention-led operating model. This article is about what happened next: the decision to build something that did not exist, and what it took to make it real. Turning an operating model into a product sounds straightforward until you ar...

6.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2026/06/03 3:0 p.m.12 views

Stop Patching at Human Speed: Peer-to-Peer (P2P) Distribution Closes the Remediation Gap Before Attackers Strike

Executive Summary Knowing what’s exploitable is only half the battle. P2P patch distribution turns your endpoints into a delivery network, cutting patch propagation by up to 92%, reducing WAN bandwidth by 99%+, and helping close critical vulnerabilities before attackers can move. Available now in...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.12 views

CVE-2026-8180

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 1:56 p.m.9 views

EUVD-2026-32506

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

5.8AI score0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 1:56 p.m.25 views

CVE-2026-7876

CVE-2026-7876 is an authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I). Affected CP4I HSTS versions are 1.5.1–1.5.19. The vulnerability (CWE-287) could allow a transfer client to access files in the server’s local storage that should be restricted....

9.1CVSS5.3AI score0.00312EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:56 p.m.10 views

CVE-2026-7876

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

5.8AI score0.00312EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 1:56 p.m.15 views

CVE-2026-7876 Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not ...

5.5AI score0.00312EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:21 p.m.15 views

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5CVSS5.9AI score0.00325EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43988

Name of the Vulnerable Software and Affected Versions IBM Aspera High-Speed Transfer Endpoint versions 3.7.4 through 4.4.7 Fix Pack 1 IBM Aspera High-Speed Transfer Server versions 3.7.4 through 4.4.7 Fix Pack 1 Description A buffer overflow exists in the asperahttpd component. This issue allows ...

8.8CVSS6.3AI score0.00401EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/24 11:15 p.m.25 views

CVE-2026-9405 Totolink A8000RU Web Management cstecgi.cgi setGameSpeedCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation o...

10CVSS0.01732EPSS
Exploits0References5
Rows per page
Query Builder