Lucene search
K

22078 matches found

Nuclei
Nuclei
added 13 hours ago20 views

CHIYU TCP/IP Converter - Carriage Return Line Feed Injection

CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized...

6.5CVSS6.7AI score0.18003EPSS
Exploits4References4
Nuclei
Nuclei
added 13 hours ago54 views

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

8.6CVSS6.9AI score0.44101EPSS
Exploits3References5
Nuclei
Nuclei
added 13 hours ago15 views

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

9.3CVSS6AI score0.01443EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2 days ago8 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.6AI score0.00302EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago7 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.5AI score0.004EPSS
Exploits0References5
NVD
NVD
added 3 days ago8 views

CVE-2026-10817

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

7.5CVSS0.00403EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-40317

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

6.9CVSS5.8AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 3 days ago22 views

CVE-2026-12819

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions...

9.3CVSS0.0031EPSS
Exploits0References1
NVD
NVD
added last week8 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS0.0061EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 10:50 a.m.9 views

CVE-2026-53183

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. This vulnerability occurs because the TCP stack independently manages the TCP-level receive window, which can lead to an artificial inflation of the MPTCP receive window. A remote attacker could exploit this by sending...

7.5CVSS6AI score0.00506EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 10:46 a.m.9 views

CVE-2026-53236

A flaw was found in the Linux kernel's handling of TCP sockets. An unprivileged application can exploit this vulnerability by attaching a Berkeley Packet Filter BPF using the SOATTACHFILTER option. This allows the application to conduct a side-channel attack, leading to the leakage of sensitive T...

7CVSS5.8AI score0.0018EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 9:0 a.m.5 views

CVE-2026-53249

A flaw was found in the Linux kernel's IPv4 networking component. This vulnerability allows an unprivileged application to set specific IP options, namely Loose Source and Record Route LSRR and Strict Source and Record Route SSRR. By exploiting this, an attacker can force network packets to...

7CVSS5.8AI score0.00184EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 6:37 a.m.3 views

SUSE-SU-2026:2638-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work...

9.8CVSS5.9AI score0.00463EPSS
Exploits1References45
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00164EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

Oracle Linux 9 : kernel (ELSA-2026-27789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...

9.8CVSS7.2AI score0.00563EPSS
Exploits13References18
RedHat Linux
RedHat Linux
added 2026/06/25 11:21 p.m.6 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS5.8AI score0.00353EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 11:21 p.m.5 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS5.8AI score0.0028EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.5 views

CVE-2026-52999

A flaw was found in the Linux kernel's netfilter subsystem, specifically in the nfnetlinkosf module. When the NFOSFLOGLEVELALL option is configured, an out-of-bounds read vulnerability can occur during TCP option parsing. This issue can lead to incorrect data processing and logging failures,...

9.1CVSS5.8AI score0.00521EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 11:55 a.m.3 views

SUSE-SU-2026:2630-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed wo...

9.8CVSS7AI score0.0055EPSS
Exploits8References63
EUVD
EUVD
added 2026/06/25 9:31 a.m.5 views

EUVD-2026-39185

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port and not the tls-auth-port or over over TCP over the regular...

8.2CVSS5.8AI score0.00139EPSS
Exploits0References2
Rows per page
Query Builder