Lucene search
+L

575 matches found

Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55934

Name of the Vulnerable Software and Affected Versions ModSecurity versions 3.0.0 through 3.0.15 Description The t:utf8toUnicode transformation in src/actions/transformations/utf8 to unicode.cc produces incorrect output on i386 architecture. This occurs because the snprintf function uses sizeof on...

5.8CVSS6.1AI score0.00411EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/01 4:32 a.m.42 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 9:59 a.m.10 views

CVE-2026-53271

A flaw was found in the ksmbd component of the Linux kernel. A remote attacker could exploit a NULL-dereference vulnerability in the oplock/lease break notifiers. This occurs because opinfo-conn is read without proper checks, allowing a concurrent Server Message Block SMB2 LOGOFF to set op-conn t...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53271

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...

6CVSS5.7AI score0.00119EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.8 views

CVE-2026-53271

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...

5.6AI score0.00119EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.16 views

CVE-2026-53271

CVE-2026-53271 affects the Linux kernel ksmbd component. The vulnerability is a NULL-deref in oplock/lease break notifiers: smb2_oplock_break_noti() and smb2_lease_break_noti() read opinfo-&gt;conn into a local buffer without READ_ONCE and without a NULL check. After opinfo_get_list() drops ci-&g...

5.5CVSS5.7AI score0.00119EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53271 ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52366

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL-dereference issue exists in the ksmbd module. The functions smb2 oplock break noti and smb2 lease break noti read the opinfo-conn variable without using READ ONCE or performing a...

5.5CVSS6.2AI score0.00119EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/06/24 9:8 p.m.22 views

CVE-2026-55762 Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication authRequired: true but performs no authorization check. Any authenticated user —...

8.1CVSS0.00323EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 12:59 p.m.8 views

JLSEC-2026-619 CR/LF injection in server-sent events (SSE) fields in HTTP.jl

Description The server-side SSE serializer wrote the single-line fields event, id, and retry verbatim to the text/event-stream wire with no CR/LF filtering, and split the multi-line data field only on \n, ignoring a bare \r that is also a valid SSE line terminator. The SSEEvent constructor...

6AI score
Exploits0References2
CVE
CVE
added 2026/06/16 1:46 p.m.13 views

CVE-2026-10831

CVE-2026-10831 concerns MOXA NPort serial device servers. The issue is improper access control on the command port: the command interface does not properly verify that the sender is tied to a valid data-port session before accepting break signal commands. A remote attacker with network access can...

6.9CVSS5.4AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 1:46 p.m.29 views

CVE-2026-10831 Improper Authorization of Break Signal Commands in Devices

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...

6.9CVSS0.00292EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 5:32 p.m.11 views

GHSA-V3WM-QF9P-C549 Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse rejects URLs containing raw Unicode explicit-direction BiDi formatting characters U+202A–U+202E, U+2066–U+2069 as a defense against visual-spoofing of the rendered href. The check covers only the raw UTF-8 forms of thos...

6.1CVSS5.4AI score0.00262EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/15 5:32 p.m.11 views

Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse rejects URLs containing raw Unicode explicit-direction BiDi formatting characters U+202A–U+202E, U+2066–U+2069 as a defense against visual-spoofing of the rendered href. The check covers only the raw UTF-8 forms of thos...

6.1CVSS5.4AI score0.00262EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48478

Affected: @hulumi/drift 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-755 Improper Handling of Exceptional Conditions Summary @hulumi/drift runs four adapters that each ask a different question about whether a resource has drifted Pulumi-state diff, provider-version change, CloudTrail event,...

8.4CVSS5.4AI score0.0004EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-8594

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

6.2CVSS5.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.13 views

CVE-2026-6427

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4CVSS5.5AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.14 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/05/30 4:17 p.m.18 views

CVE-2026-8594

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

6.2CVSS0.002EPSS
Exploits0References4
Rows per page
Query Builder