Lucene search
+L

647 matches found

CVE
CVE
added 2026/04/09 9:34 p.m.37 views

CVE-2026-33774

CVE-2026-33774 affects Junos OS on Juniper MX Series (MPC10/11, LC4800/LC9600 line cards and MX304). An improper check allows an unauthenticated, network-based attacker to bypass firewall filters applied to loopback interfaces lo0.n (n != 0) that are in the default routing instance, enabling pote...

6.9CVSS5.9AI score0.00174EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:34 p.m.3 views

CVE-2026-33774 Junos OS: MX Series: Firewall filters on lo0.<non-0> in the default routing instance are not in effect

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device. On MX platform...

6.9CVSS5.8AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:34 p.m.4 views

CVE-2026-33774

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device. On MX platform...

6.9CVSS5.9AI score0.00174EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.1 views

CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 9:27 p.m.5 views

CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

7.1CVSS6AI score0.00225EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.14 views

Juniper Networks Junos OS MX 代码问题漏洞

Juniper Networks Junos OS MX is a network operating system specifically designed for hardware devices used by Juniper Networks. This operating system provides secure programming interfaces and the Junos SDK. Versions of Junos OS MX prior to 23.2R2-S6, 23.4R2-S7, 24.2R2, and 24.4R2 contain code...

6.9CVSS5.9AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 p.m.6 views

CVE-2026-39429

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...

9.1CVSS0.00436EPSS
Exploits1References3
CVE
CVE
added 2026/04/08 8:16 p.m.17 views

CVE-2026-39429

The CVE-2026-39429 issue in kcp affects the root shard’s cache server, which before versions 0.30.3 and 0.29.3 was exposed with no authentication/authorization. The cache server could be read from and written to by anyone who can reach the root shard, enabling unauthorized access to cached resour...

9.1CVSS5.9AI score0.00436EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/08 8:16 p.m.5 views

CVE-2026-39429 kcp's cache server is accessible without authentication or authorization checks

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...

8.2CVSS5.9AI score0.00436EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

kcp 安全漏洞

KCP is an open-source control plane similar to Kubernetes, used for Kubernetes and containers. Versions of KCP prior to 0.30.3 and 0.29.3 have security vulnerabilities. These vulnerabilities stem from the direct exposure of cache servers, along with the lack of authentication and authorization,...

9.1CVSS5.8AI score0.00436EPSS
Exploits1References4
NVD
NVD
added 2026/04/07 3:17 p.m.7 views

CVE-2026-5382

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS0.00174EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/06 12:0 a.m.7 views

Juniper Junos OS Vulnerability (JSA100055)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100055 advisory. - A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to...

6.9CVSS6AI score0.00318EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/28 12:24 a.m.8 views

SUSE CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

6.5CVSS5.8AI score0.00385EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/27 11:24 p.m.3 views

Deadlock

Overview Affected versions of this package are vulnerable to Deadlock via the SCTP notification handler process. An attacker can cause the control plane to become unresponsive by sending specially crafted SCTP notifications to the N2 interface, resulting in service disruption for all subscribers...

7.1CVSS5.9AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 11:24 p.m.2 views

Deadlock

Overview Affected versions of this package are vulnerable to Deadlock via the SCTP notification handler process. An attacker can cause the control plane to become unresponsive by sending specially crafted SCTP notifications to the N2 interface, resulting in service disruption for all subscribers...

7.1CVSS5.9AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2026/03/27 9:17 p.m.10 views

CVE-2026-33904

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

6.5CVSS0.00165EPSS
Exploits0References3
CVE
CVE
added 2026/03/27 8:55 p.m.19 views

CVE-2026-33904

Ella Core is a 5G private-network core. In versions prior to 1.7.0, a deadlock in the AMF SCTP notification handler causes the entire AMF control plane to hang, enabling a denial of service when an attacker with access to the N2 interface sends crafted SCTP notifications. Version 1.7.0 adds defer...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:55 p.m.3 views

CVE-2026-33904

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 8:55 p.m.9 views

CVE-2026-33904 Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/27 5:12 p.m.6 views

EUVD-2026-16464

Incus vulnerable to denial of source through crafted bucket backup file...

6.5CVSS5.9AI score0.00385EPSS
Exploits1References4
Rows per page
Query Builder