CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•9 views

CVE-2026-54514

CVE-2026-54514 affects jackson-databind’s InetSocketAddress handling during deserialization. From 2.0.0 up to fixes in 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress(host, port), causing eager DNS resolution at readValue time and enabling an attacker to trigger...

5.3CVSS5.9AI score

Nuclei•added 2 days ago•33 views

GL.iNET SSID Key Disclosure

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. id: CVE-2023-31478 info: name: GL.iNET SSID Key Disclosure author: DhiyaneshDK severity: high description: | An issue was discovered on GL.iNet...

7.5CVSS7.2AI score0.29699EPSS

Exploits1References1

RedHat Linux•added 4 days ago•7 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.5AI score0.004EPSS

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Net: Restrict SOREUSEPORT to inet sockets. After the bug was identified, crypto sockets could accidentally be destroyed due to a RCU call back, as discovered by zyzbot 1. Attempting to acquire a mutex in an RCU callback is not...

5.5CVSS6.1AI score0.00191EPSS

Exploits0References2

RedhatCVE•added last week•5 views

CVE-2026-49759

A flaw was found in Erlang OTP Open Telecom Platform erts, specifically within the inetdrv component. An unauthenticated remote attacker can exploit a stack-based buffer overflow vulnerability by sending a specially crafted Stream Control Transmission Protocol SCTP ERROR chunk. This can lead to a...

8.8CVSS5.3AI score0.0046EPSS

Exploits0References8

RedHat Linux•added 2026/06/16 6:39 p.m.•4 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

9.8CVSS5.9AI score0.004EPSS

EUVD•added 2026/06/15 12:31 a.m.•10 views

EUVD-2026-36666

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS7.5AI score0.0194EPSS

Exploits0References7

Cvelist•added 2026/06/14 10:0 p.m.•22 views

CVE-2026-12187 GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection

9CVSS0.0194EPSS

Vulnrichment•added 2026/06/14 10:0 p.m.•9 views

CVE-2026-12187 GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection

9CVSS7.4AI score0.0194EPSS

NVD•added 2026/06/14 9:16 p.m.•9 views

CVE-2026-12186

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS0.01966EPSS

EUVD•added 2026/06/14 8:45 p.m.•10 views

EUVD-2026-36665

9CVSS7.7AI score0.01966EPSS

Cvelist•added 2026/06/14 8:45 p.m.•22 views

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

9CVSS0.01966EPSS

Positive Technologies•added 2026/06/14 12:0 a.m.•12 views

PT-2026-49110

Name of the Vulnerable Software and Affected Versions GL.iNet GL-MT3000 versions prior to 4.7 Description An issue in the Online Firmware Upgrade Handler component allows for remote command injection via the /usr/bin/one click upgrade file. Command injection is a flaw that allows an attacker to...

9CVSS8.4AI score0.0194EPSS

Exploits0References10

Positive Technologies•added 2026/06/14 12:0 a.m.•11 views

PT-2026-49144

Name of the Vulnerable Software and Affected Versions GL.iNet GL-MT3000 versions prior to 4.7 Description A command injection flaw exists in the Tor Proxy Service Configuration Handler. The issue is located within the replace country function in the /usr/lib/oui-httpd/rpc/tor library, allowing a...

9CVSS8.4AI score0.01966EPSS

Exploits0References8

SUSE CVE•added 2026/06/13 2:16 a.m.•8 views

SUSE CVE-2026-49759

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.5AI score0.0046EPSS

Tenable Nessus•added 2026/06/11 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN...

7.5CVSS6AI score0.00194EPSS

OSV•added 2026/06/11 12:0 a.m.•7 views

UBUNTU-CVE-2026-49759

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv...

8.8CVSS5.3AI score0.0046EPSS

Exploits0References4

NVD•added 2026/06/10 4:17 p.m.•10 views

CVE-2026-49759

8.8CVSS0.0046EPSS

Cvelist•added 2026/06/10 2:35 p.m.•30 views

CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS0.00194EPSS