Lucene search
K

1002 matches found

Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47175

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN 0042e200 of the file /cgi-bin/glc of the component SET USER PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version...

7.5CVSS6.8AI score0.01681EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.10 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number up to 4.4.5 have a command injection vulnerability. This vulnerability stems from an incorrect operation of the parameter ‘device’ ...

6.5CVSS6.5AI score0.01073EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 10:16 a.m.15 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS0.0123EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/06 9:15 a.m.13 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS6.2AI score0.0123EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/06 9:15 a.m.39 views

CVE-2026-11406 GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS0.0123EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:58 p.m.11 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

9.8CVSS5.6AI score0.00764EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/03 3:50 p.m.45 views

CVE-2026-46266 inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...

9.1CVSS0.00346EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

Fedora 43 : dovecot (2026-693373747f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-693373747f advisory. CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA--PLUS channel binding could be faked...

9.1CVSS5.8AI score0.00667EPSS
Exploits1References7
OSV
OSV
added 2026/05/29 1:34 p.m.11 views

OESA-2026-2495 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 f...

8.1CVSS5.8AI score0.00371EPSS
Exploits0References16
OSV
OSV
added 2026/05/29 1:34 p.m.13 views

OESA-2026-2494 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 f...

8.1CVSS5.9AI score0.00371EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44486

Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description SAUCE patches contain a possible NULL pointer dereference, which occurs when the system handles AF INET/AF INET6 socket mediation. A NULL pointer dereferen...

3.3CVSS5.8AI score0.00094EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/27 6:44 p.m.130 views

Exploit for Incorrect Default Permissions in Supervisord Supervisor

LAB 3 — Supervisord XML-RPC Remote Code Execution CVE-2017-11...

9CVSS7.7AI score0.87544EPSS
Exploits10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: Restricted SOREUSEPORT option for inet sockets. After the bug was identified, it was discovered that crypto sockets could accidentally be destroyed due to RCU callbacks, as noted by zyzbot 1. Attempting to acquire a mut...

5.5CVSS6.4AI score0.00191EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux

A race condition in Linux kernel SCTP sockets net/sctp/socket.c before version 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If the sctpDestroySock function is called without using the socknetsk-sctp.addrwqlock lock, an element...

7CVSS6.7AI score0.00482EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol numbers in custom expectations - Disallow families other than NFPROTOIPV4,IPV6,INET. - Disallow layer 4 protocols without ports, as the destination port is a mandatory attribut...

7.1CVSS5.8AI score0.00237EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Fixed a kernel-infoleak issue for SCTP sockets. The syzbot reported a kernel-infoleak issue of 4 bytes. After analysis, it turned out that r-idiagexpires was not initialized when inetsctpdiagfill called...

7.1CVSS6.4AI score0.00231EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in the supervisor

In Supervisor version 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer confirmed that the affected component, inethttpserver, is not enabled by default. However, if the user enables it and does not set a password, Supervisor will log a warning message...

8.2CVSS7.7AI score0.02283EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: The function tcpbpfsendverdict fails to allocate psock-cork when called, and skmsgfree must be called instead. The issue was reported by syzbot as follows: 0 The reproduction of the issue involves the following steps: 1...

7.8CVSS5.9AI score0.00171EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fixed a memory leak in inetdelifa. The following warning was encountered during the fuzzing test: unregisternetdevice: waiting for bond0 to become free. Usage count = 2 This issue can be reproduced as follows: ip link...

5.6AI score0.00173EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: inetdiag: The pad field in struct inetdiagreqv2 should be initialized. KMSAN reported an uninitialized access to uninitvalue in rawlookup. For raw sockets, the pad field in struct inetdiagreqv2 is used for the underlying...

5.5CVSS6.3AI score0.00258EPSS
Exploits0References2
Rows per page
Query Builder