Lucene search
K

8526 matches found

EUVD
EUVD
added 23 hours ago4 views

EUVD-2026-43546

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS7.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday29 views

CVE-2026-15680 Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-15680

CVE-2026-15680 affects Lorex 2K Indoor Wi‑Fi Security Camera. The vulnerability is in the sonia binary’s JSON request parsing, where lack of validation of a user‑supplied string used as a format specifier can allow a network‑adjacent attacker to execute arbitrary code with root privileges. Authen...

7.5CVSS7.3AI score
Exploits0References1
NVD
NVD
added 2026/07/03 2:16 p.m.16 views

CVE-2026-46465

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileg...

5.5CVSS0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 1:16 p.m.11 views

EUVD-2026-41545

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileg...

5.5CVSS6AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 1:16 p.m.37 views

CVE-2026-46465

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileg...

5.5CVSS0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 1:16 p.m.20 views

CVE-2026-46465

Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an externally-controlled format string vulnerability. A high-privilege attacker with remote access could exploit this over the network, potentially...

5.5CVSS6AI score0.00238EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55540

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...

5.5CVSS6AI score0.00238EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:56 p.m.8 views

CVE-2026-14178

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS5.8AI score0.00351EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 8:16 a.m.10 views

CVE-2026-57877

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this...

8.6CVSS0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 7:17 a.m.8 views

EUVD-2026-39633

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this...

8.6CVSS5.8AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.41 views

CVE-2026-57877 GV-LPC2011/LPC2211 - unauthorized format string vulnerability (vlsvr)

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this...

8.6CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:17 a.m.21 views

CVE-2026-57877

Geovision GV-LPC2011/LPC2211 devices running vlsvr (affected firmware V1.12 and earlier) expose an unauthenticated format-string vulnerability in log message handling during login. The issue arises from improper handling of externally controlled input in the login processing path, potentially all...

8.6CVSS5.8AI score0.00247EPSS
Exploits0References1
Debian
Debian
added 2026/06/24 6:24 p.m.4 views

[SECURITY] [DLA 4646-1] postgresql-13 security update

Debian LTS Advisory DLA-4646-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias June 24, 2026 https://wiki.debian.org/LTS Package : postgresql-13 Version : 13.23-0+deb11u4 CVE ID : CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6477 CVE-2026-6478 CVE-2026-6479...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
CVE
CVE
added 2026/06/22 3:31 p.m.146 views

CVE-2026-54268

The CVE affects Angular’s Date formatting in the @angular/common package. The formatDate utility (and DatePipe) can trigger a Denial of Service when confronted with a maliciously long or attacker-controlled date format string. The root cause is an internal parser that iteratively splits the forma...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/16 12:16 p.m.15 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/16 10:16 a.m.9 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 10:16 a.m.26 views

CVE-2026-10828

The CVE-2026-10828 affects the NPort W2150A-W4/W2250A-W4 Serial Param config page, where the alias parameter is vulnerable to format-string handling due to insufficient input validation in version 1.5 and earlier. This can lead to memory disclosure and potential ASLR bypass. No exploitation detai...

6.9CVSS5.4AI score0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 10:16 a.m.34 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 10:16 a.m.10 views

EUVD-2026-37062

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

8.6CVSS5.3AI score0.00472EPSS
Exploits0References1
Rows per page
Query Builder