Lucene search
K

1979 matches found

CVE
CVE
added yesterday39 views

CVE-2026-47703

Summary: CVE-2026-47703 affects AdGuard Home and its DoQ-to-UDP forwarding path. Prior to version 0.107.75, the backend UDP path could collapse the DNS transaction ID (txid) to 0 on client-triggered DoQ queries, reducing the entropy of the backend tuple from (txid, source-port) to only the source...

6.3CVSS6.1AI score0.00047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-10846

A flaw was found in ldns. When applications use ldns as a resolver over User Datagram Protocol UDP, it fails to properly match the query's destination address and port with the response's source address and port. Additionally, the query ID and question are not matched with the response. This...

8.2CVSS6.1AI score0.00147EPSS
Exploits0References4
Metasploit
Metasploit
added 6 days ago21 views

FTP Fetch, Windows shellcode stage, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/ftp/x86/custom/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf payloadreverseudp...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago36 views

FTP Fetch, Windows Upload/Execute, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/ftp/x86/upexec/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 6 days ago11 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...

9.8CVSS6.9AI score0.0138EPSS
Exploits15References167
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

libcurl 8.18.0 < 8.21.0 QUIC UDP Denial of Service (CVE-2026-11352)

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References2
Cvelist
Cvelist
added last week31 views

CVE-2026-59692 Gstreamer: gstreamer: dtls certificate subject dn stack buffer overflow in openssl_verify_callback

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an...

7.5CVSS0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 9:8 p.m.10 views

CVE-2026-55490

OpenWrt OpenWrt (embedded Linux) mediateces: CVE-2026-55490 affects the Emergency Access Daemon’s handle_send_a() where an integer underflow can lead to a pre-auth DoS by an unauthenticated attacker on the local network via a crafted UDP packet. The underflow causes a bounds-check misstep, then a...

6.5CVSS6AI score0.00684EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:8 p.m.6 views

CVE-2026-55490

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handlesenda of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows...

6.5CVSS6AI score0.00684EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/07 9:8 p.m.6 views

CVE-2026-55490 OpenWrt: EAD Integer Underflow → Pre-Auth Denial of Service

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handlesenda of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows...

6.5CVSS6AI score0.00684EPSS
Exploits1References5
Snyk
Snyk
added 2026/07/03 8:18 a.m.10 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the udpreceive process. An attacker can cause the client to enter a busy-loop and become unresponsive by continuously sending zero-length UDP datagrams from a malicious HTTP/3 server. Remediation Upgrade libcurl to...

8.7CVSS6.2AI score0.0101EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-55950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all...

8.7CVSS6AI score0.00384EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling sour...

6.3CVSS6AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 5:17 p.m.8 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS0.00243EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 4:6 p.m.32 views

CVE-2026-55950 DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS0.00384EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 4:6 p.m.16 views

CVE-2026-55950

This CVE (CVE-2026-55950) describes a TOCTOU race in Erlang/OTP ssl (dtls_packet_demux.erl) where a DTLS listener’s shared demux process can be crashed by an unauthenticated remote attacker sending rapid ClientHello datagrams from the same source IP/port. The race in the internal gb_trees store l...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/07/02 4:6 p.m.10 views

CVE-2026-55950 DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS6AI score0.00384EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/02 4:6 p.m.36 views

CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS0.00243EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 4:6 p.m.8 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS5.8AI score0.00243EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/07/02 4:6 p.m.7 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS5.8AI score0.00243EPSS
Exploits0
Rows per page
Query Builder