
13278 matches found

EUVD
added 2026/03/26 9:30 a.m., 5 views

EUVD-2026-16130

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine...

CVSS 7.5, AI score 5.9, EPSS 0.00367
Exploits 0, References 2
NVD
added 2026/03/26 7:16 a.m., 6 views

CVE-2026-4652

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine...

CVSS 7.5, EPSS 0.00367
Exploits 0, References 1
ATTACKERKB
added 2026/03/26 6:15 a.m., 5 views

CVE-2026-4652

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine...

CVSS 7.5, AI score 5.9, EPSS 0.00367
Exploits 0, References 2
Cvelist
added 2026/03/26 6:15 a.m., 30 views

CVE-2026-4652 Remote denial of service via null pointer dereference

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine...

EPSS 0.00367
Exploits 0, References 1
CVE
added 2026/03/26 6:15 a.m., 26 views

CVE-2026-4652

Summary of CVE-2026-4652 (NVMe/TCP): A remote attacker with network access to an NVMe/TCP target can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID, leading to an unauthenticated Denial of Service. Affected systems expose an NVMe/TCP target; imp...

CVSS 7.5, AI score 5.9, EPSS 0.00367
Exploits 0, References 1, Affected Software 1
CVE
added 2026/03/26 3:37 a.m., 11 views

CVE-2026-4281

The CVE concerns the FormLift for Infusionsoft Web Forms WordPress plugin. Affected versions: all up to 7.5.21. The vulnerability stems from missing capability checks in FormLift_Infusionsoft_Manager.connect() and FormLift_Infusionsoft_Manager.listen_for_tokens(), which run on every page load via...

CVSS 5.3, AI score 6, EPSS 0.00473
Exploits 0, References 10
Cvelist
added 2026/03/26 3:37 a.m., 30 views

CVE-2026-4281 FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listen_for_tokens methods of the FormLift_Infusionsoft_Manager class, both of which are hooked ...

CVSS 5.3, EPSS 0.00473
Exploits 0, References 10
CNNVD
added 2026/03/26 12:00 a.m., 9 views

FreeBSD security vulnerability

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from systems that expose NVMe/TCP targets. When such systems receive CONNECT commands with forged or expired CNTLIDs targeting I/O queues, a kernel crash may occu...

CVSS 7.5, AI score 5.8, EPSS 0.00367
Exploits 0, References 1
Positive Technologies
added 2026/03/26 12:00 a.m., 5 views

PT-2026-28218

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine...

AI score 5.9, EPSS 0.00367
Exploits 0, References 2
CNNVD
added 2026/03/26 12:00 a.m., 9 views

Drupal OpenID Connect / OAuth client security vulnerability

The Drupal OpenID Connect/OAuth client is an openID connection and OAuth client provided by the Drupal company. Versions of the Drupal OpenID Connect/OAuth client prior to version 1.5.0 contained security vulnerabilities; these vulnerabilities were due to server-side request forgery, which could...

CVSS 4.3, AI score 5.8, EPSS 0.00162
Exploits 0, References 2
CNNVD
added 2026/03/26 12:00 a.m., 6 views

Drupal OpenID Connect / OAuth client security vulnerability

The Drupal OpenID Connect/OAuth client is an openID connection and OAuth client provided by the Drupal company. Versions of the Drupal OpenID Connect/OAuth client prior to version 1.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of alternative paths or channels...

CVSS 6.5, AI score 5.8, EPSS 0.00246
Exploits 0, References 2
Packet Storm News
added 2026/03/26 12:00 a.m., 3 views

FreeBSD Security Advisory - FreeBSD-SA-26:07.nvmf

FreeBSD Security Advisory - On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID...

CVSS 7.5, AI score 5.9, EPSS 0.00367
Exploits 0
CNNVD
added 2026/03/26 12:00 a.m., 11 views

Drupal OpenID Connect / OAuth client security vulnerability

The Drupal OpenID Connect/OAuth client is an openID connection and OAuth client provided by the Drupal company. Versions of the Drupal OpenID Connect/OAuth client prior to version 1.5.0 contained security vulnerabilities. These vulnerabilities were due to improper handling of case sensitivity,...

CVSS 4.2, AI score 5.8, EPSS 0.00133
Exploits 0, References 2
FreeBSD Advisory
added 2026/03/26 12:00 a.m., 4 views

FreeBSD-SA-26:07.nvmf

FreeBSD-SA-26:07.nvmf Security Advisory, The FreeBSD Project. Topic: Remote denial of service via null pointer dereference. Category: core. Module: nvmf. Announced: 2026-03-26...

CVSS 7.5, AI score 5.9, EPSS 0.00367
Exploits 0
Positive Technologies
added 2026/03/26 12:00 a.m., 14 views

PT-2026-28530

Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.5.2. Description: OpenBao, an open source identity-based secrets management system, is susceptible to Reflected Cross-Site Scripting (XSS) through the error description parameter during failed authentication attempts wh...

CVSS 10, AI score 5.9, EPSS 0.03256
Exploits 28, References 155
Positive Technologies
added 2026/03/26 12:00 a.m., 13 views

PT-2026-28529

Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.5.2. Description: OpenBao, an open source identity-based secrets management system, does not prompt for user confirmation when logging in via JWT/OIDC with a role configured with callback mode set to direct. This allo...

CVSS 10, AI score 5.9, EPSS 0.03256
Exploits 32, References 156
Tenable Nessus
added 2026/03/26 12:00 a.m., 2 views

FreeBSD : FreeBSD -- Remote denial of service via null pointer dereference (11bf64f0-28d2-11f1-b35e-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 11bf64f0-28d2-11f1-b35e-bc241121aa0a advisory. On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNEC...

CVSS 7.5, AI score 6, EPSS 0.00367
Exploits 0, References 2
Snyk
added 2026/03/25 9:17 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the DownloadImage function when processing user avatar URLs from OpenID Connect authentication. An attacker can cause the server to make arbitrary HTTP requests to internal or cloud metadata endpoint...

CVSS 7.4, AI score 6, EPSS 0.00395
Exploits 1, References 2
EUVD
added 2026/03/25 9:17 p.m., 3 views

EUVD-2026-14923

Vikunja Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download...

CVSS 6.4, AI score 5.8, EPSS 0.00395
Exploits 1, References 4
Snyk
added 2026/03/25 9:17 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the DownloadImage function when processing user avatar URLs from OpenID Connect authentication. An attacker can cause the server to make arbitrary HTTP requests to internal or cloud metadata endpoint...

CVSS 7.4, AI score 6.5, EPSS 0.00395
Exploits 1, References 2