Lucene search
K

3057 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 12:42 p.m.11 views

CVE-2026-49317 Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.8AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 12:39 p.m.17 views

EUVD-2026-33293

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

4.6CVSS5.8AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 8:2 a.m.20 views

EUVD-2026-33261

Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...

8.7CVSS6.1AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The 2025 version of the Indian Motorcycle Scout Bobber + Tech has security vulnerabilities. These vulnerabilities arise from attackers exploiting a flaw in the wireless...

4.6CVSS5.8AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44851

Name of the Vulnerable Software and Affected Versions Indian Motorcycle Scout Bobber + Tech 2025 model year Description An incorrect behavior order in the Infotainment / Digital Round display allows an attacker on an adjacent network to bypass the PIN entry screen. The system uses the presence of...

2.4CVSS5.8AI score0.00143EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/28 1:35 p.m.15 views

kernel: net: sched: act_csum: validate nested VLAN headers

A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network VLAN headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 1:35 p.m.13 views

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.12 views

CVE-2026-46153

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...

5.5CVSS5.7AI score0.00112EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/28 8:47 a.m.72 views

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/28 3:52 a.m.10 views

SUSE CVE-2026-46103

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/28 2:21 a.m.14 views

kernel: can: j1939: j1939_session_new(): fix skb reference counting

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sessionnew: fix skb reference counting Since j1939sessionskbqueue does an extra skbget for each new skb, do the same for the initial one in j1939sessionnew to avoid refcount underflow. mkl: clean up commit messag...

5.5CVSS5.7AI score0.00224EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 8:13 p.m.9 views

GHSA-QC95-4862-92FH Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. The configuration methods allowLinkHosts... and allowLinkSchemes... are intended to restrict targets to an allowlist of hosts/schemes; allowMediaHosts / allowMediaSchemes do the same for etc. Three distinct bypasses all...

5.8AI score0.00048EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/27 8:13 p.m.14 views

Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. The configuration methods allowLinkHosts... and allowLinkSchemes... are intended to restrict targets to an allowlist of hosts/schemes; allowMediaHosts / allowMediaSchemes do the same for etc. Three distinct bypasses all...

5.8AI score0.00048EPSS
Exploits0References5Affected Software2
EUVD
EUVD
added 2026/05/27 2:19 p.m.14 views

EUVD-2026-32520

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS5.9AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:17 p.m.14 views

CVE-2026-46093

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmappurgelock in shrinker decayvapoolnode can be invoked concurrently from two paths: purgevmaparealazy when pools are being purged, and the shrinker via vmapnodeshrinkscan. However, decayvapoolnode is not safe t...

7.8CVSS0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:16 p.m.19 views

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

7.3CVSS0.00358EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 12:59 p.m.46 views

CVE-2026-46103 can: ucan: fix devres lifetime

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

0.00114EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/27 12:39 p.m.15 views

CVE-2026-45837

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the arenavmclose function during a fork operation. This occurs because the child's Virtual Memory Area VMA is not correctly registered, leading to a dangling pointer. If a child process attempts to access this stale...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 9:24 a.m.38 views

CVE-2026-45837

CVE-2026-45837 : In the Linux kernel, a use-after-free in arena_vm_close on fork was fixed. The root cause is that arena_vm_open() only bumps vml-&gt;mmap_count and does not register the child VMA in arena-&gt;vma_list, so vml-&gt;vma continues to point to the parent VMA after fork. If the child ...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/05/27 1:51 a.m.90 views

gatekeeper_wan_poc_server

This is the...

5.9AI score
Exploits0
Rows per page
Query Builder