Lucene search
K

23140 matches found

EUVD
EUVD
added yesterday3 views

EUVD-2026-44805

CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...

5.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-40955

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

3.7CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-40953

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44799

CVE-2026-33444 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server...

6.9CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-33444

The CVE-2026-33444 entry describes a memory management vulnerability in Secure Access servers prior to version 14.55. The issue allows attackers who have intimate knowledge and total control over the tunnel protocol to cause a non-persistent DoS against the server. The CVSS score is 6.9 (Medium) ...

6.9CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-40958

CVE-2026-40958 involves an input validation error in Secure Access clients prior to 14.55. The root cause is improper input validation in the tunnel protocol handling, allowing attackers with intimate knowledge and total control of the tunnel protocol to trigger a non-persistent DoS against the c...

3.7CVSS6.1AI score
Exploits0References1Affected Software1
EUVD
EUVD
added yesterday3 views

EUVD-2026-44791

o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator...

6.1CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-40952

The CVE-2026-40952 entry describes a privilege misconfiguration in the Windows Secure Access installer for the client and server prior to version 14.55. Local attackers with access to the affected system can elevate privileges to Administrator when Secure Access is installed in a non-default loca...

8.5CVSS6.1AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday4 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday14 views

CVE-2025-32781 Apollo: Apollo Portal release endpoint allows cross-application configuration disclosure via releaseId

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...

6.5CVSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added yesterday13 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap (CVE-2026-6051)

Summary IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. Vulnerability Details CVEID:CVE-2026-6051 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a...

7.5CVSS6.1AI score0.00177EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added yesterday4 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS6.8AI score0.00476EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday12 views

CVE-2026-58077 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS0.00418EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57833

The CVE affects the Joomla extension 4Analytics for weeblr.com, with an unauthenticated stored XSS vulnerability in the AI analysis feature present in versions prior to 5.0.2. The underlying issue is a stored XSS in the AI analysis workflow, leading to high impact on confidentiality, integrity, a...

8.6CVSS6.1AI score0.00418EPSS
Exploits0References1
OSV
OSV
added yesterday5 views

USN-8545-1 linux-hwe-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9References63
Nuclei
Nuclei
added yesterday50 views

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS7.1AI score0.1755EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday11 views

Gnuboard 5 - Cross-Site Scripting

Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter. id: CVE-2021-3831 info: name: Gnuboard 5 - Cross-Site Scripting author: arafatansari severity: medium description: | Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter...

7.1CVSS6.7AI score0.01812EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday49 views

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

9.3CVSS6.1AI score0.01443EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday12 views

GnuBoard5 5.5.16 - Open Redirect

Gnuboard5 5.5.16 contains an open redirect vulnerability caused by insufficient URL parameter verification in bbs/logout.php, letting remote attackers redirect users to arbitrary URLs, exploit requires crafted URL parameter. id: CVE-2024-37656 info: name: GnuBoard5 5.5.16 - Open Redirect author:...

6.1CVSS6.2AI score0.00494EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday46 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

9.3CVSS6.1AI score0.01323EPSS
Exploits1References4
Rows per page
Query Builder