Lucene search
+L

38 matches found

nvd
nvd
added 2026/07/08 5:17 p.m.9 views

CVE-2026-29009

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...

8.8CVSS0.00438EPSS
Exploits0References4
osv
osv
added 2026/07/08 4:16 p.m.4 views

CVE-2026-29009 U-Boot 2026.04-rc3 Buffer Overflow in nfs_readlink_reply() via NFS READLINK

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...

8.8CVSS6.2AI score0.00438EPSS
Exploits0References7
euvd
euvd
added 2026/07/08 4:16 p.m.5 views

EUVD-2026-42333

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfsreadlinkreply net/nfs-common.c when CONFIGCMDNFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfspathbuff buffer by returning multiple relative symlink targets that are appended witho...

8.8CVSS6.3AI score0.00438EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/04/23 7:22 a.m.16 views

CVE-2026-6023

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible...

9.8CVSS6.5AI score0.0054EPSS
Exploits0References1
euvd
euvd
added 2026/04/22 9:31 a.m.6 views

EUVD-2026-24632

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible...

8.1CVSS6.5AI score0.0054EPSS
Exploits0References2
nvd
nvd
added 2026/04/22 8:16 a.m.6 views

CVE-2026-6023

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible...

9.8CVSS0.0054EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/22 7:13 a.m.4 views

CVE-2026-6023 Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible...

8.1CVSS6.5AI score0.0054EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/22 7:13 a.m.3 views

CVE-2026-6023

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible...

8.1CVSS6.5AI score0.0054EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/04/22 7:13 a.m.61 views

CVE-2026-6023

CVE-2026-6023 affects Progress Telerik UI for ASP.NET AJAX, RadFilter control. Versions 2024.4.1114 through 2026.1.421 are vulnerable to insecure deserialization when restoring filter state exposed to the client; tampering with this state can enable server-side remote code execution. Supported so...

9.8CVSS6.5AI score0.0054EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/01/22 8:10 a.m.22 views

CVE-2026-24332

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

4.3CVSS0.0026EPSS
Exploits0References1
cnvd
cnvd
added 2025/10/24 12:0 a.m.5 views

Tenda AC6 SetClientState function buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the SetClientState function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...

7.5CVSS8.3AI score0.00372EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/10/23 12:17 a.m.22 views

CVE-2025-60340

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters...

7.5CVSS7.2AI score0.00372EPSS
Exploits1References1
euvd
euvd
added 2025/10/22 6:30 p.m.7 views

EUVD-2025-35615

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters...

6.6AI score0.00372EPSS
Exploits1References2
osv
osv
added 2025/10/22 6:15 p.m.2 views

CVE-2025-60340

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters...

7.5CVSS6AI score0.00372EPSS
Exploits1References1
nvd
nvd
added 2025/10/22 6:15 p.m.8 views

CVE-2025-60340

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters...

7.5CVSS0.00372EPSS
Exploits1References1
cvelist
cvelist
added 2025/10/22 12:0 a.m.13 views

CVE-2025-60340

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters...

0.00372EPSS
Exploits1References1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-2589

Malware in sbrugna...

5CVSS6.4AI score0.01387EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-0326

Malware in sbrugna...

10CVSS6.3AI score0.02676EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/05/22 10:20 a.m.10 views

CVE-2019-15541

rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service loop of connevent and ready by arranging for a client to never be writable...

7.5CVSS6.8AI score0.02233EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/21 9:27 p.m.5 views

CVE-2004-2598

Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the...

5CVSS7AI score0.01387EPSS
Exploits0References1
Rows per page
Query Builder