Lucene search
52662 matches found

CVE
added 2026/06/15 12:0 a.m. | 38 views

CVE-2026-39118

Kandji Agent from Iru, Inc. (pre-4.7.5(5374)) contains a local privilege-escalation flaw driven by a client-validation gap that allows a local attacker to invoke restricted agent functionality. The CVSS metrics indicate HIGH impact across confidentiality, integrity, and availability with LOCAL at...

CVSS 8.4 | AI score 5.3 | EPSS 0.00118
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/15 12:0 a.m. | 12 views

PT-2026-49301

Name of the Vulnerable Software and Affected Versions: Kandji Agent versions prior to 4.7.55374. Description: A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations: Update to version 4.7.55374 or later...

CVSS 8.4 | AI score 5.2 | EPSS 0.00118
Exploits: 0 | References: 9
Cvelist
added 2026/06/15 12:0 a.m. | 26 views

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

EPSS 0.00191
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/15 12:0 a.m. | 14 views

PT-2026-49246

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

CVSS 7.5 | AI score 5.4 | EPSS 0.00579
Exploits: 0 | References: 3
Cvelist
added 2026/06/15 12:0 a.m. | 30 views

CVE-2026-39118

An issue in Iru, Inc Kandji Agent before v.4.7.55374 allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality...

EPSS 0.00118
Exploits: 0 | References: 1
CVE
added 2026/06/15 12:0 a.m. | 11 views

CVE-2026-45389

Summary (OCaml-TLS CVE-2026-45389): OCaml-TLS versions before 2.1.0 fail to properly validate KeyUsage and ExtendedKeyUsage on client certificates during mutual TLS, allowing impersonation with certificates intended for server authentication. The issue arises in the server-side certificate valida...

CVSS 7.4 | AI score 5.3 | EPSS 0.00191
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/15 12:0 a.m. | 6 views

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

AI score 5.2 | EPSS 0.00191
Exploits: 0 | References: 1
Redos
added 2026/06/15 12:0 a.m. | 7 views

ROS-20260615-73-0011

The vulnerability of the planardecompressplanerle function in the FreeRDP RDP client is related to data writing beyond the specified buffer. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 8.8 | AI score 7.8 | EPSS 0.00591
Exploits: 1
Redos
added 2026/06/15 12:0 a.m. | 5 views

ROS-20260615-73-0043

The vulnerabilities of the functions kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA in the FreeRDP client are related to a memory reclamation error. Exploiting these vulnerabilities could allow an attacker to compromise the accessibility of protected information...

CVSS 5.3 | AI score 5.5 | EPSS 0.00282
Exploits: 0
Redos
added 2026/06/15 12:0 a.m. | 6 views

ROS-20260615-73-0041

The vulnerability of the yuvensurebuffer function in the RDP client FreeRDP is related to incorrect calculations of the size of the buffer allocated. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted NAL packets...

CVSS 7.5 | AI score 5.7 | EPSS 0.00265
Exploits: 0
Redos
added 2026/06/15 12:0 a.m. | 6 views

ROS-20260615-73-0009

The vulnerability of the RDP client FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVSS 7.5 | AI score 5.4 | EPSS 0.00427
Exploits: 0
Redos
added 2026/06/15 12:0 a.m. | 7 views

ROS-20260615-73-0015

The vulnerability of the gdiSurfaceCommandClearCodec function in the RDP client FreeRDP is caused by a buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 8.8 | AI score 8.3 | EPSS 0.00537
Exploits: 1
Redos
added 2026/06/15 12:0 a.m. | 5 views

ROS-20260615-73-0016

The vulnerability of the gdiSurfaceCommandClearCodec function in the RDP client FreeRDP is caused by a buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 8.8 | AI score 8.3 | EPSS 0.00537
Exploits: 1
Positive Technologies
added 2026/06/15 12:0 a.m. | 8 views

PT-2026-49594

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.14.1. Description: Payload resources are not closed correctly when a client disconnects during a write operation. If a payload utilizes an open file or other limited resources, an attacker can cause temporary resource...

CVSS 6.3 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/15 12:0 a.m. | 13 views

PT-2026-49186

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

AI score 5.3 | EPSS 0.00159
Exploits: 0 | References: 2
Redos
added 2026/06/15 12:0 a.m. | 5 views

ROS-20260615-73-0030

The vulnerability of the bitmapcacheput function in the FreeRDP client involves writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 8.2 | AI score 5 | EPSS 0.00309
Exploits: 1
Redos
added 2026/06/15 12:0 a.m. | 8 views

ROS-20260615-73-0007

The vulnerability of the StreamEnsureCapacity function in the RDP client FreeRDP is caused by a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures...

CVSS 7.5 | AI score 5.3 | EPSS 0.00346
Exploits: 1
Redos
added 2026/06/15 12:0 a.m. | 4 views

ROS-20260615-73-0026

The vulnerabilities of the functions xfSetWindowMinMaxInfo and xfrailgetwindow in the RDP client FreeRDP are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protecte...

CVSS 9.8 | AI score 8.4 | EPSS 0.00599
Exploits: 1
Redos
added 2026/06/15 12:0 a.m. | 6 views

ROS-20260615-73-0038

The vulnerability of the progressivedecompresstileupgrade function in the RDP client FreeRDP is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failure...

CVSS 7.5 | AI score 4.8 | EPSS 0.00426
Exploits: 0
Vulnrichment
added 2026/06/14 5:26 p.m. | 6 views

CVE-2026-54412

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

CVSS 8.8 | AI score 5.5 | EPSS 0.00407
Exploits: 0 | References: 4