Lucene search
+L

3259 matches found

CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

Devolutions Server 加密问题漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server such as 2026.2.4.0, 2026.1.20.0, and earlier versions have security vulnerabilities. These...

6.5CVSS5.8AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.14 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.5AI score0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:51 p.m.10 views

CVE-2026-6240

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

6.8CVSS5.9AI score0.0018EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.15 views

CVE-2025-53680

An improper neutralization of special elements used in an OS command "OS Command Injection" vulnerability CWE-78 vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 throug...

6.7CVSS5.8AI score0.00561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.15 views

CVE-2026-1789

A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers...

6.9CVSS5.6AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.14 views

CVE-2026-20081

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

6.5CVSS5.8AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.12 views

CVE-2026-22154

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3,...

5.4CVSS4.9AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-1659

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.13 views

CVE-2026-8980

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS5.5AI score0.00331EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 12:0 a.m.33 views

CVE-2026-36785

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-47055

Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description A stack overflow exists in the fromDhcpListClient function. This occurs when processing the page parameter via a crafted HTTP request, which can lead to a Denial of Service DoS, a condition where the...

5.5AI score0.00357EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:33 p.m.7 views

CVE-2026-48040

The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP RFC 9458 using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback path for direct...

8.8CVSS5.9AI score0.00174EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 2:5 p.m.13 views

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS5.8AI score0.10659EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-36605

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover...

5.8AI score0.00177EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-44579

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the...

7.5CVSS5.8AI score0.00546EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.11 views

Mercusys AC12G 安全漏洞

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from an HTTP denial-of-service attack, which may cause continuous crashes due to a small number of speciall...

6.5CVSS5.2AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 11:47 a.m.37 views

BIT-NGINX-GATEWAY-2026-9256 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References14
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Joomla Component JE Photo Gallery SQL注入漏洞

The Joomla component JE Photo Gallery is an open-source Joomla image gallery component. Version 1.1 of the JE Photo Gallery has a SQL injection vulnerability. This vulnerability stems from the categoryid parameter, which allows for SQL injections. Unauthorized attackers could exploit this...

8.8CVSS5.7AI score0.00341EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.13 views

PT-2026-45124

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/29 12:30 p.m.14 views

CVE-2026-23870

A flaw was found in the React Server DOM components, including react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. A remote attacker could exploit this denial of service DoS vulnerability by sending specially crafted HTTP requests to server function endpoints. This...

7.5CVSS5.7AI score0.01533EPSS
Exploits1References4
Rows per page
Query Builder