Lucene search
K

1649 matches found

Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36910

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'wireless.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...

9.3CVSS6AI score0.04983EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/01 9:30 p.m.5 views

CVE-2025-12993

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67968. Reason: This candidate is a reservation duplicate of CVE-2025-67968. Notes: All CVE users should reference CVE-2025-67968 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

9.9CVSS6AI score0.00525EPSS
Exploits0References1
CVE
CVE
added 2026/05/01 2:14 p.m.21 views

CVE-2026-31750

CVE-2026-31750 affects the Linux kernel comedi driver. The issue is a memory leak where chanlist was not freed in the exceptional exit path of do_cmd_ioctl because runflags may be unset; do_become_nonbusy() previously freed chanlist only when runflags were set. The fix adds a check in do_become_n...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Automotive Grade Linux app-framework-binder 安全漏洞

Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. A security vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from the existence of elevation of privilege in...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.10 views

PT-2026-36385

In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak 1, because commit 4e1da516debb "comedi: Add reference counting for Comedi command handling" did not consider the exceptional exit case in...

5.7AI score0.00107EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.7 views

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 12:0 a.m.6 views

EUVD-2026-26681

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.6 views

Cisco Firepower Threat Defense (FTD) Software SSL Decryption Policy DoS (cisco-sa-ftd-dnd-dos-bpEcg7B7)

According to its self-reported version, Cisco Secure Firewall Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated,...

6.8CVSS5.8AI score0.00377EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/24 2:31 a.m.15 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via DoRequestAsync. An attacker in control of a configured endpoint can cause excessive memory consumption and potentially terminate the process by supplying a large HTTP response bod...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 6:16 p.m.6 views

CVE-2026-31533

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption The -EBUSY handling in tlsdoencryption, introduced by commit 859054147318 "net: tls: handle backlogging of crypto requests", has a use-after-free due to double...

9.8CVSS0.00263EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a memory leak in the error path of tlsdoencryption. This leak allows for the reuse of resources...

9.8CVSS7.1AI score0.00263EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/22 5:40 p.m.9 views

@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +90 more potentially affected by CVE-2026-41690 via i18next-http-middleware (>=3.0.2 <=3.9.2)

i18next-http-middleware NPM version =3.0.2, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.0, =0.0.1, =0.0.229 and more Source cves: CVE-2026-41690 Source advisory: SNYK:JS-I18NEXTHTTPMIDDLEWARE-16415526...

8.6CVSS5.7AI score0.0031EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 1:22 a.m.12 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

7.3CVSS6.1AI score0.01327EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.11 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013636 advisory. In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table getkernelnofault does copy data in...

5.6AI score0.00177EPSS
Exploits0References4
NVD
NVD
added 2026/04/21 5:16 p.m.4 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

7.3CVSS0.01327EPSS
Exploits1References1
OSV
OSV
added 2026/04/21 12:5 a.m.7 views

OSV-2026-603 UNKNOWN READ in <wasmtime::runtime::func::Func>::call_unchecked_raw::<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504268343 Crash type: UNKNOWN READ Crash state: ::calluncheckedraw::::callimpldocall:: wasmtimeinternalfiber::stackswitch::x8664::wasmtimefiberstart...

5.7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.4 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.1AI score0.01327EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.5 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.1AI score0.01327EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.7 views

Tenda W30E 安全漏洞

The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version has a security vulnerability. This vulnerability stems from the improper validation of the hostName parameter in the dopingaction function, which may lead to command injection attacks...

7.3CVSS5.8AI score0.01327EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010915)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010915 advisory. In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table getkernelnofault does copy data in...

5.6AI score0.00177EPSS
Exploits0References4
Rows per page
Query Builder