Lucene search
+L

21296 matches found

Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-60044

Impact AsyncListener.handle query or defer retained every truncated TC-bit incoming query in self. deferredaddr and armed a per-addr timer in self. timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped...

6.5CVSS6.1AI score0.00018EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-60045

Impact DNSIncoming. decode labels at offset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past...

6.5CVSS6.1AI score0.0002EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-57211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pa...

10CVSS6.1AI score0.00404EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-60046

Impact DNSIncoming. log exception debug and the four QuietLogger exception-dedup methods stored an unbounded seen logs dict keyed by strsys.exc info1. The seven IncomingDecodeError messages raised from read name / decode labels at offset RFC 6762 §18 name-decoding error paths all embed self.sourc...

6.5CVSS6.1AI score0.0002EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-60047

Impact read character string and read string in src/zeroconf/ protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self. data len. Python's slice silently returns fewer bytes when the end index runs pas...

6.5CVSS6.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-60048

Impact DNSCache. async add inserted every response record into cache, expirations, expire heap, and service cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNS PTR MIN TTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a...

6.5CVSS6.1AI score0.00023EPSS
Exploits0References8
OSV
OSV
added 6 days ago4 views

MAL-2026-10212 Malicious code in vuln-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8bd105bf3b12062f312b41f2a1eead5e8481f8d3749fc78bc79ed8675c11394 On npm install, the package's preinstall script triggers a DNS lookup to a unique subdomain of oast.fun fabekzbnjtufpffkzzmvjvi5eafhny3ok.oast.fun, a...

6.4AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 6 days ago5 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score0.00346EPSS
Exploits1References3
OSV
OSV
added 6 days ago3 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score0.00346EPSS
Exploits1References6
NVD
NVD
added 6 days ago6 views

CVE-2026-15485

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub43F2C4 of the file /goform/toolsnslookup of the component DNS Lookup Handler. This manipulation of the argument nslookuptarget/dnsserver causes os command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
CVE
CVE
added 6 days ago18 views

CVE-2026-15486

The vulnerability CVE-2026-15486 affects TRENDnet TEW-821DAP (firmware 1.11B03). It targets the Firmware Update Handler's /goform/tools_ddns component, specifically function sub_42026C, where manipulation of hostname/username/password can trigger an os command injection. The attack is described a...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 6 days ago3 views

CVE-2026-15483 TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub41EC14 of the file /goform/toolsnslookup of the component ssi. The manipulation of the argument nslookuptarget leads to buffer overflow. It is possible to initiate the attack remotely. The vendo...

9CVSS7.3AI score0.00463EPSS
Exploits0References5
NVD
NVD
added last week9 views

CVE-2026-61429

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added last week35 views

CVE-2026-61429 PraisonAI before 1.6.78 SSRF via Crawl4AI Chromium backend

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS0.00221EPSS
Exploits0References2
CVE
CVE
added last week26 views

CVE-2026-61429

CVE-2026-61429 affects PraisonAI before 1.6.78. A SSRF in the Crawl4AI/Chromium backend allows bypassing initial validation via DNS rebinding and HTTP redirects, enabling a headless browser to access internal services and read internal responses including sensitive canary values. The CVSS metrics...

8.5CVSS6.1AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 9:31 p.m.4 views

CVE-2026-59155 Nezha Monitoring: DDNS and Notification credential exposure via unredacted list API

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References5
NVD
NVD
added 2026/07/10 9:16 p.m.7 views

CVE-2026-57211

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

10CVSS0.00404EPSS
Exploits1References5
NVD
NVD
added 2026/07/10 7:17 p.m.7 views

CVE-2025-30008

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS0.00181EPSS
Exploits0References4
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.26 views

FTP Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.39 views

FTP Fetch, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Connect back to the attacker Module Options...

6.2AI score
Exploits0
Rows per page
Query Builder