Lucene search
K

137 matches found

NVD
NVD
added yesterday5 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6Affected Software1
CVE
CVE
added yesterday6 views

CVE-2026-15318

CVE-2026-15318 affects Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in the MQTT Channel Handler, specifically in the file pkg/channels/mqtt/mqtt.go, where manipulation of the client_id argument leads to incorrect authorization. The issue can be exploited remotely, and public exploi...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 9:21 p.m.10 views

dnsmasq: DHCPv6 CLID buffer overflow in helper process

A heap buffer overflow was discovered in dnsmasq's DHCP script helper process. When processing DHCPv6 client identifiers CLIDs, the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can...

8.8CVSS5.9AI score0.00812EPSS
Exploits1References5
OSV
OSV
added 2026/06/22 10:55 a.m.9 views

SUSE-SU-2026:2481-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/12 8:57 a.m.11 views

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3AI score0.0047EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:57 a.m.12 views

EUVD-2026-36397

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3CVSS5.3AI score0.0047EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48848

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3AI score0.0047EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.14 views

CVE-2026-9136

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.2AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.10 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS5.5AI score0.00168EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.43 views

RockyLinux 10 : dnsmasq (RLSA-2026:19158)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19158 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890 dnsmasq...

8.8CVSS6AI score0.07237EPSS
Exploits4References13
RedHat Linux
RedHat Linux
added 2026/06/01 12:15 a.m.20 views

ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 2:16 p.m.16 views

CVE-2026-44237

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

8.1CVSS0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

FreePBX 安全漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI-based web interface. Versions of FreePBX prior to 17.0.8 contained a security vulnerability. This vulnerability stemmed from the OAuth2 implementation in the API module,...

8.1CVSS5.8AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 3:43 p.m.14 views

RLSA-2026:19373 Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890...

8.8CVSS6AI score0.07237EPSS
Exploits3References6
EUVD
EUVD
added 2026/05/27 3:3 p.m.13 views

EUVD-2026-32548

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-44002

Name of the Vulnerable Software and Affected Versions RabbitMQ versions 4.2.0 through 4.2.3 Description The MQTT plugin in RabbitMQ allows topic-level authorization using regular expressions with variable substitution. When administrators use patterns like ^client id-sensors$ to restrict access,...

8.1CVSS5.8AI score0.0025EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

RabbitMQ 安全漏洞

RabbitMQ is an open-source, feature-rich multi-protocol message and streaming media broker. Versions of RabbitMQ from 4.2.0 to 4.2.4 contained a security vulnerability. This vulnerability stemmed from the use of regular expressions for variable substitutions in topic-level authorization within th...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 5:9 a.m.14 views

dnsmasq: DHCPv6 CLID buffer overflow in helper process

A heap buffer overflow was discovered in dnsmasq's DHCP script helper process. When processing DHCPv6 client identifiers CLIDs, the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can...

8.8CVSS5.9AI score0.00812EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2026/05/26 12:0 a.m.14 views

Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890...

8.8CVSS6AI score0.07237EPSS
Exploits3References12
Rows per page
Query Builder