Lucene search
K

81 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 8:16 p.m.6 views

UBUNTU-CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.9 views

PT-2026-50779

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.11.0 Description A stored cross-site scripting XSS issue exists in the web-admin HTTPS interface. An attacker can inject HTML or JavaScript by creating a TURN allocation with a crafted USERNAME value. This script...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2026/06/03 5:55 p.m.6 views

CVE-2026-45702 OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...

4.4CVSS5.8AI score0.00155EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 5:53 p.m.10 views

EUVD-2026-34159

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/03 5:53 p.m.40 views

CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS0.00096EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References5
OSV
OSV
added 2026/04/24 3:16 a.m.3 views

DEBIAN-CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.6AI score0.00183EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:20 a.m.9 views

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.9AI score0.00183EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.15 views

PT-2026-34837

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entry get attribute value in ta/pkcs11/src/object.c can lead to out-of-bounds read...

8.7CVSS5.9AI score0.00183EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

GL-iNet GL-AR300M16 安全漏洞

GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The version GL-iNet GL-AR300M16 v4.3.11 contains a security vulnerability. This vulnerability stems from an SQL injection vulnerability in the addgroup function, which may allow for the execution of arbitrary S...

8.8CVSS6.1AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2026/03/10 6:17 p.m.4 views

CVE-2025-27769

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

2.6CVSS0.00141EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/27 9:33 p.m.7 views

ZITADEL has potential SSRF via Actions

Summary ZITADEL Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.3 views

CVE-2026-24473

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment...

6.3CVSS5.9AI score0.00419EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 4:10 p.m.4 views

EUVD-2026-4752

Hono vulnerable to XSS through ErrorBoundary component...

4.7CVSS5.8AI score0.00298EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/27 7:41 p.m.4 views

CVE-2026-24771 Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

4.7CVSS6AI score0.00298EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/27 7:41 p.m.20 views

CVE-2026-24771 Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

4.7CVSS0.00298EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/27 7:34 p.m.6 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/27 7:34 p.m.7 views

CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/27 7:6 p.m.7 views

CVE-2026-24398

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

4.8CVSS5.9AI score0.00315EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder