Lucene search
K

21 matches found

CVE
CVE
added 2026/04/09 9:28 p.m.16 views

CVE-2026-33786

CVE-2026-33786 affects Juniper Networks Junos OS running on SRX1600, SRX2300, and SRX4300. The issue is an Improper Check for Unusual or Exceptional Conditions in the chassis control daemon (chassisd), allowing a local, low-privilege attacker to cause a complete Denial of Service. When a specific...

6.8CVSS5.9AI score0.00095EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:26 p.m.1 views

CVE-2026-21904

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS6AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/16 9:33 p.m.8 views

CVE-2026-21907

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers ssl-static-key-ciphers, reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support...

8.2CVSS6.9AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 9:16 p.m.5 views

CVE-2026-21918

A Double Free vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of...

7.5CVSS5.8AI score0.00375EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/15 8:21 p.m.25 views

CVE-2026-21907 Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers)

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers ssl-static-key-ciphers, reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support...

8.2CVSS0.00181EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/09 6:30 p.m.4 views

EUVD-2025-33386

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the...

6.1CVSS6.5AI score0.00256EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 5:16 p.m.21 views

CVE-2025-60002

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the...

6.1CVSS0.00207EPSS
Exploits0References1
OSV
OSV
added 2025/10/09 5:16 p.m.4 views

CVE-2025-59996

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target'...

5.1CVSS6AI score0.00207EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 5:15 p.m.3 views

CVE-2025-59982

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 4:17 p.m.10 views

CVE-2025-60002 Junos Space: Template Definitions page is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the...

6.1CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/09 4:17 p.m.2 views

CVE-2025-60001 Junos Space: Create Quick Template page is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS6.5AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/09 4:11 p.m.2 views

CVE-2025-59989 Junos Space: Device Discovery page is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Discovery page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS6.5AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.6 views

PT-2025-41433

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. An attacker can inject script tags in the CLI...

6.1CVSS6.8AI score0.00207EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/01/23 12:0 a.m.9 views

7-Zip Mark-of-the-Web Bypass

Proof of concept exploit that allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. All versions before 24.09 are considered vulnerable...

7CVSS7AI score0.67071EPSS
Exploits8
SUSE CVE
SUSE CVE
added 2023/03/31 1:57 a.m.4 views

SUSE CVE-2023-28427

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

8.2CVSS9AI score0.01185EPSS
Exploits0References4
OSV
OSV
added 2023/03/28 9:15 p.m.2 views

UBUNTU-CVE-2023-28427

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

8.2CVSS5.7AI score0.01185EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.6 views

SUSE CVE-2014-1556

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library...

9.3CVSS9.3AI score0.03758EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/10/27 12:0 a.m.4 views

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server, Nextccloud Enterprise Server versions prior to 24.0.5. An attacker could exploit the vulnerability to...

5.3CVSS5.8AI score0.006EPSS
Exploits0References4
OSV
OSV
added 2022/10/21 4:15 p.m.6 views

CVE-2022-1059

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials...

6.1CVSS5.8AI score0.00567EPSS
Exploits0References1
OSV
OSV
added 2019/12/16 8:15 p.m.6 views

CVE-2019-0159

Insufficient memory protection in the Linux Administrative Tools for IntelR Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS5.8AI score0.00372EPSS
Exploits0References1
Rows per page
Query Builder