Lucene search
+L

301 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-10666

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

9.8CVSS0.00346EPSS
Exploits1References3
NVD
NVD
added 5 days ago8 views

CVE-2026-10663

In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...

6.1CVSS0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/07/05 10:23 p.m.24 views

CVE-2026-10657

The CVE-2026-10657 vulnerability affects Zephyr's DNS resolver when MDNS (CONFIG_MDNS_RESOLVER) is enabled. The code uses memcmp(strrchr(query, '.'), ".local", 7) to detect mDNS queries, reading a fixed 7 bytes from the suffix pointer. If the final label is shorter than 7 bytes (e.g., .org, .com,...

5.3CVSS6.2AI score0.00243EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:30 p.m.9 views

CVE-2026-10687

This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, confirmed with the fix author, determined that the addressed defect does not apply to any released version of Zephyr: the affected code path exists only in unreleased development code, and no released branch is...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-49108

CVE-2026-10676 - Rejected reason: This CVE Record has been rejected CVE ID :CVE-2026-10676 Published : June 12, 2026, 12:16 a.m. | 1 hour, 14 minutes ago Description :Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed...

5.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.17 views

CVE-2026-5072

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

6.5CVSS5.9AI score0.00194EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/02/02 10:23 a.m.10 views

WordPress Zephyr Project Manager plugin <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation vulnerability

Authenticated Subscriber+ Limited Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Zephyr Project Manager versions = 3.3.101...

8.1CVSS5.3AI score0.00402EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/18 7:36 a.m.5 views

CVE-2025-12496

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

4.9CVSS5.9AI score0.00599EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 8:15 a.m.7 views

CVE-2025-12496

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

4.9CVSS0.00599EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/17 7:25 a.m.11 views

WordPress Zephyr Project Manager plugin <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery vulnerability

Authenticated Custom+ Arbitrary File Read And Server-Side Request Forgery vulnerability discovered by type5afe in WordPress Plugin Zephyr Project Manager versions = 3.3.203...

4.9CVSS6.8AI score0.00599EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/17 7:21 a.m.40 views

CVE-2025-12496 Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

4.9CVSS0.00599EPSS
Exploits0References3
CVE
CVE
added 2025/12/17 7:21 a.m.19 views

CVE-2025-12496

The CVE-2025-12496 entry concerns the Zephyr Project Manager WordPress plugin. It describes a Directory Traversal vulnerability across all versions up to 3.3.203 via the file parameter, enabling authenticated attackers with Custom-level access and above to read arbitrary server files (potentially...

4.9CVSS5.5AI score0.00599EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/17 7:21 a.m.9 views

EUVD-2025-203881

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

4.9CVSS5.4AI score0.00599EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/17 7:21 a.m.5 views

CVE-2025-12496 Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

4.9CVSS5.5AI score0.00599EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

WordPress plugin Zephyr Project Manager 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path...

4.9CVSS6.6AI score0.00599EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-2493

Malware in sbrugna...

7.8CVSS7.6AI score0.00396EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-2524

Malware in sbrugna...

5.8CVSS5.5AI score0.01181EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-2492

Malware in sbrugna...

7.8CVSS7.6AI score0.00687EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-5709

Malware in sbrugna...

9.8CVSS9.5AI score0.01725EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-2484

Malware in sbrugna...

8.1CVSS7.6AI score0.00451EPSS
Exploits0References6
Rows per page
Query Builder