Lucene search
K

5441 matches found

EUVD
EUVD
added 2026/05/29 4:58 p.m.12 views

EUVD-2026-33368

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Frontier 访问控制错误漏洞

Frontier is an Ethereum-compatible layer of Substrate. It is used to run unmodified Ethereum Dapps. Frontier X2 has a access control vulnerability that stems from the lack of mandatory pairing authentication or authorization, allowing unauthorized BLE reads and writes of critical GATT features...

8.8CVSS5.9AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 6:16 p.m.21 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS0.00177EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/28 5:1 p.m.9 views

CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 5:1 p.m.11 views

EUVD-2026-32955

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:1 p.m.8 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/28 3:51 p.m.13 views

USN-8339-1 openjdk-25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References10
OSV
OSV
added 2026/05/28 12:5 p.m.15 views

USN-8334-1 openjdk-25-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References10
OSV
OSV
added 2026/05/28 12:1 p.m.17 views

USN-8333-1 openjdk-21-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS5.8AI score0.00702EPSS
Exploits0References9
Ubuntu
Ubuntu
added 2026/05/28 11:45 a.m.22 views

USN-8331-1: OpenJDK 11 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 11:38 a.m.31 views

USN-8330-1: OpenJDK 8 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the JSSE component of OpenJDK 8 d...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
OSV
OSV
added 2026/05/28 6:12 a.m.16 views

USN-8327-1 openjdk-17 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS5.9AI score0.00702EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Nautobot 安全漏洞

Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the REST API, which failed to enforce user viewing permissions when creating or updating objects using...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/27 3:33 p.m.10 views

EUVD-2026-32386

In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4putsuper associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324...

5.7AI score0.00146EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/05/27 12:18 p.m.8 views

CVE-2026-45964

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

5.5CVSS5.7AI score0.0016EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-45920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4putsuper associated with the dirty...

7.8CVSS6.6AI score0.00146EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/26 9:0 a.m.17 views

CVE-2026-42002

A flaw was found in pdns-recursor. Concurrency and locking defects in the Generic Security Service Algorithm for Secret Key Transaction Signatures GSS-TSIG could allow a remote attacker to cause a denial of service...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.18 views

Slackware Linux 15.0 / current kernel-generic Multiple Vulnerabilities (SSA:2026-144-01)

The version of kernel-generic installed on the remote host is prior to 5.15.208 / 5.15.208smp / 6.12.91 / 6.18.33. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-144-01 advisory. New kernel packages are available for Slackware 15.0 and -current to fix a...

8.8CVSS5.2AI score0.03663EPSS
Exploits18References3
Cvelist
Cvelist
added 2026/05/24 2:30 a.m.19 views

CVE-2026-9349 calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

6.9CVSS0.0041EPSS
Exploits0References4
Redos
Redos
added 2026/05/24 12:0 a.m.45 views

ROS-20260524-73-0009

A vulnerability in the JGSS component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow a remote attacker to gain...

5.3CVSS7.2AI score0.0028EPSS
Exploits0
Rows per page
Query Builder