
203280 matches found

RedHat Linux
added 2026/06/24 4:42 a.m., 4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

CVSS 9.8, AI score 6.8, EPSS 0.00563
Exploits 0, References 5

RedHat Linux
added 2026/06/24 4:20 a.m., 4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

CVSS 9.8, AI score 6.8, EPSS 0.00563
Exploits 0, References 5

ATTACKERKB
added 2026/06/24 3:34 a.m., 8 views

CVE-2026-12847

GV-I/O Box 4E is a smart embedded device with 4 inputs and 4 relay outputs that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

CVSS 10, AI score 6.2, EPSS 0.00427
Exploits 0, References 3, Affected Software 1

EUVD
added 2026/06/24 3:34 a.m., 8 views

EUVD-2026-38648

GV-I/O Box 4E is a smart embedded device with 4 inputs and 4 relay outputs that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

CVSS 10, AI score 6.2, EPSS 0.00427
Exploits 0, References 2

RedhatCVE
added 2026/06/24 1:56 a.m., 9 views

CVE-2026-56117

A flaw was found in dhcpcd. A heap use-after-free vulnerability in the control socket handling allows a local unprivileged attacker to trigger memory corruption. This occurs when privilege separation is disabled, enabling the attacker to send a privileged command to the control socket. Successful...

CVSS 5.7, AI score 5.8, EPSS 0.00093
Exploits 0, References 5

RedhatCVE
added 2026/06/24 1:56 a.m., 10 views

CVE-2026-56116

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit a memory leak vulnerability in the IPv6 Router Advertisement route information handling. By repeatedly sending specially crafted Router Advertisements with a zero lifetime, the attacker can cause the syst...

CVSS 7.1, AI score 5.8, EPSS 0.00187
Exploits 0, References 5

RedhatCVE
added 2026/06/24 1:56 a.m., 8 views

CVE-2026-56115

A flaw was found in dhcpcd. This vulnerability allows an unauthenticated attacker on the same network link to trigger a one-byte stack out-of-bounds write. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can corrupt adjacent stack memory. This can le...

CVSS 8.8, AI score 5.8, EPSS 0.00307
Exploits 1, References 5

RedhatCVE
added 2026/06/24 1:56 a.m., 11 views

CVE-2026-56114

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link could exploit a one-byte stack out-of-bounds write vulnerability in the dhcp6makemessage function. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can write beyond a...

CVSS 6.5, AI score 5.7, EPSS 0.00175
Exploits 0, References 5

RedhatCVE
added 2026/06/24 1:56 a.m., 9 views

CVE-2026-56113

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit this vulnerability by sending a specially crafted DHCPv6 RENEW reply. This can lead to a Denial of Service (DoS), causing the dhcpcd daemon to crash due to a heap use-after-free vulnerability...

CVSS 6.5, AI score 5.8, EPSS 0.00175
Exploits 0, References 5

NVD
added 2026/06/24 12:16 a.m., 8 views

CVE-2026-7574

Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

CVSS 8.7, EPSS 0.00103
Exploits 1, References 2

Positive Technologies
added 2026/06/24 12:00 a.m., 10 views

PT-2026-51668

Name of the Vulnerable Software and Affected Versions: Post Duplicator versions prior to 3.0.15. Description: Users with Contributor-level access and above can perform a PHP Object Injection. This occurs because the plugin fails to safely handle custom meta-data during post duplication, storing...

CVSS 7.2, AI score 5.8, EPSS 0.003
Exploits 0, References 6

Positive Technologies
added 2026/06/24 12:00 a.m., 6 views

PT-2026-52131

Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.99. Description: The 'POST /api/v1/admin/send-test-email' endpoint allows the use of attacker-controlled smtpHost and smtpPort values to establish a raw JavaMail TCP connection. This process bypasses the...

CVSS 5.1, AI score 5.8, EPSS 0.00218
Exploits 1, References 3

Positive Technologies
added 2026/06/24 12:00 a.m., 7 views

PT-2026-52038

Name of the Vulnerable Software and Affected Versions: Tapo C200 v3. Description: A denial-of-service (DoS) issue exists in the network packet handling logic due to improper processing of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource...

CVSS 7.1, AI score 5.8, EPSS 0.00222
Exploits 0, References 6

Positive Technologies
added 2026/06/24 12:00 a.m., 6 views

PT-2026-52040

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.197. Description: An inappropriate implementation in the Autofill feature allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved by using a...

CVSS 6.5, AI score 5.8, EPSS 0.00191
Exploits 0, References 5

Positive Technologies
added 2026/06/24 12:00 a.m., 5 views

PT-2026-52043

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.197. Description: A race condition in DevTools allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved by using a crafted HTML...

CVSS 8.3, AI score 5.8, EPSS 0.00184
Exploits 0, References 6

CVE
added 2026/06/24 12:00 a.m., 12 views

CVE-2026-49269

Apple M1 GPUs expose a cross-process register state leakage: a sandboxed Metal attacker can read stale values from another sandboxed process’s compute shader dispatches, potentially recovering a 128-bit secret that was loaded into GPU registers. In proof-of-concept, a victim app writes a fresh se...

CVSS 8.6, AI score 5.8, EPSS 0.00303
Exploits 0, References 1

Positive Technologies
added 2026/06/24 12:00 a.m., 10 views

PT-2026-51814

Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Plugin versions prior to 1.5. Description: A missing permission check allows users with Overall/Read permission to force the system to connect to an arbitrary URL using a specified username and password. Recommendations: Update...

CVSS 5.4, AI score 5.9, EPSS 0.00161
Exploits 0, References 3

Positive Technologies
added 2026/06/24 12:00 a.m., 10 views

PT-2026-51657

Name of the Vulnerable Software and Affected Versions: GeoVision GV-I/O Box 4E (affected versions not specified). Description: The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes...

CVSS 10, AI score 6.8, EPSS 0.00427
Exploits 0, References 7

Redos
added 2026/06/24 12:00 a.m., 3 views

ROS-20260624-73-0030

The vulnerability in Netty is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 9.1, AI score 6.8, EPSS 0.00818
Exploits 1

Positive Technologies
added 2026/06/24 12:00 a.m., 7 views

PT-2026-51654

Name of the Vulnerable Software and Affected Versions: GV-I/O Box 4E (affected versions not specified). Description: The DVRSearch service, which runs by default on UDP port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes a UDP message and performs an unsafe...

CVSS 10, AI score 6.8, EPSS 0.00436
Exploits 0, References 9