Lucene search
K

444 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-431 OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...

9.1CVSS7AI score0.04248EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.10 views

CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance

Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...

6.5CVSS5.9AI score0.00088EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 8:46 p.m.5 views

GHSA-6JJ2-4Q5C-X8G6 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance

Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...

6.5CVSS5.9AI score0.00088EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51074

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The NetNamedPipe transport in CoreWCF allows local interception of traffic. This occurs because the transport accepts attachments to pre-existing named pipe instances...

6.5CVSS6AI score0.00088EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/12 1:32 a.m.12 views

CVE-2026-44494

A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle MITM attack. This enables the attacker to intercept, read, and modify all...

8.7CVSS5.1AI score0.01041EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.12 views

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 7:16 a.m.18 views

CVE-2026-11815

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:39 a.m.17 views

EUVD-2026-35992

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS6AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48382

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS6AI score0.00317EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.13 views

Mind Your Key: An Empirical Study of LLM API Credential Leakage in IOS Apps

The rapid integration of large language models LLMs into mobile applications has introduced a new class of credential security risk: leaked credentials that grant unauthorized access to LLM inference services, causing financial damage to developers. Prior work on credential leakage has focused...

5.4AI score
Exploits0
EUVD
EUVD
added 2026/06/09 6:31 p.m.10 views

EUVD-2026-35455

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:17 p.m.9 views

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS0.00397EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:50 p.m.37 views

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS0.00397EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 3:50 p.m.7 views

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 3:50 p.m.23 views

CVE-2026-9213

CVE-2026-9213 affects NETGEAR gaming routers. The issue stems from insufficient input validation, enabling an attacker who can intercept traffic between the router and the Internet to execute code on the device. Documented impact includes high confidentiality and integrity impact with network-exp...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 3:39 p.m.9 views

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

7.5CVSS5.5AI score0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 3:39 p.m.34 views

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

7.5CVSS0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47814

Name of the Vulnerable Software and Affected Versions NETGEAR Orbi 370 series versions prior to V12.1.2.7 Description A security issue exists that allows an attacker capable of intercepting and tampering with traffic between the router and the Internet to execute commands on the device. This occu...

7.5CVSS6AI score0.00256EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47860

Name of the Vulnerable Software and Affected Versions NETGEAR gaming routers affected versions not specified Description An issue in NETGEAR gaming routers allows attackers who can intercept and tamper with traffic between the router and the Internet to execute code on the device. Recommendations...

9.1CVSS5.5AI score0.00397EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

NETGEAR Orbi 缓冲区错误漏洞

NETGEAR Orbi is a distributed WiFi system developed by NETGEAR, a company in the United States. Versions of NETGEAR Orbi 370 prior to V12.1.2.7 contained a buffer error vulnerability. This vulnerability allowed attackers to intercept and manipulate traffic between the router and the internet. The...

7.5CVSS5.7AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder