Lucene search
K

6974 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-34261

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

6.5CVSS5.5AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44003

A flaw was found in vm2 before 3.11.0. A code transformer fast-path skips AST analysis when catch, import, and async are absent, allowing direct access to VM2INTERNALSTATEDONOTUSEORPROGRAMWILLFAIL and internal security functions handleException, wrapWith, import. Fixed in 3.11.0...

5.8CVSS5.8AI score0.00248EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.9 views

CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

7.2CVSS5.3AI score0.04544EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45431

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6508

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS5.4AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-39371

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger...

8.1CVSS5.3AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 1:24 p.m.10 views

EUVD-2026-34831

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS5.3AI score0.00197EPSS
Exploits2References2
NVD
NVD
added 2026/06/05 11:16 a.m.13 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

7.8CVSS0.00094EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 10:15 a.m.10 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

6.4CVSS5.4AI score0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.10 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

6.4CVSS5.5AI score0.00094EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 10:15 a.m.11 views

EUVD-2026-34802

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

7.8CVSS5.4AI score0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 10:15 a.m.33 views

CVE-2026-21030

CVE-2026-21030 describes an improper access control issue in MediaTek Audio HAL prior to the SMR Jun-2026 Release 1, enabling local attackers to trigger privileged functions. The affected component is MediaTek Audio HAL; root cause is improper access control, with impact described as privileged a...

7.8CVSS5.5AI score0.00094EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. This includes smartphones, tablets, etc. Devices prior to the SMR Jun-2026 Release 1 version have security vulnerabilities. These vulnerabilities stem from improper access control, which may allo...

7.8CVSS5.4AI score0.00094EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.10 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS5.7AI score0.00337EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 12:4 p.m.37 views

CVE-2026-45431

CVE-2026-45431 affects GX Earth ONT models. The issue stems from improper handling of user-supplied input in multiple diagnostic functions within the web management interface, enabling an authenticated remote attacker to inject commands and achieve remote code execution with root privileges. The ...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 6:16 a.m.4 views

ALPINE-CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 6:16 a.m.12 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

GX Group Earth 2022 ONT 操作系统命令注入漏洞

GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. The GX Group Earth 2022 ONT has a vulnerability related to operating system command injection. This vulnerability arises from improper handling of user input by multiple diagnostic...

8.7CVSS6.1AI score0.00388EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Kurt Yazılım WriteUp Mobile App 安全漏洞

Kurt Yazılım WriteUp Mobile App is a story creation and reading community platform developed by the Turkish company Kurt Yazılım. There are security vulnerabilities in the Kurt Yazılım WriteUp Mobile App version 1.3.0 up to version 04062026. These vulnerabilities stem from improper access control...

8.8CVSS5.3AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46194

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References2
Rows per page
Query Builder