Lucene search
K

3768 matches found

Nuclei
Nuclei
added yesterday169 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

10CVSS7.1AI score0.17894EPSS
Exploits1References2
CVE
CVE
added 2 days ago15 views

CVE-2026-61875

The vulnerability is in luci-app-upnp (OpenWrt LuCI) and is a stored cross-site scripting (XSS) flaw in the UPnP IGD AddPortMapping SOAP request. An unauthenticated LAN client can submit malicious HTML in the NewPortMappingDescription field; miniupnpd stores it and luci-app-upnp renders it withou...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42291

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-24699

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS0.00957EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-24699

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

0.00957EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 9:20 a.m.7 views

CVE-2026-56766

A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack...

8.8CVSS6.5AI score0.01325EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2026/06/27 1:52 a.m.8 views

SUSE CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References3
OSV
OSV
added 2026/06/26 9:8 p.m.5 views

GHSA-RP72-5V5Q-2446 @cardano402/mcp-server missing spending limits, LAN-exposed HTTP transport, and SSRF via catalog.server.url

Summary @cardano402/mcp-server versions = 0.1.1 ship three security gaps that can lead to unauthorized fund movement when the package is used as designed an MCP server exposing Cardano payment tools to an Impact 1. No spending limits on signed payments An LLM or prompt-injected LLM calling tools...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS0.01325EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/25 6:1 p.m.29 views

CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS0.01325EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Networks: Bridge: MST: Fixed suspicious RCU usage in brmstsetstate. I converted brmstsetstate to RCU to avoid a vlan use-after-free, but I forgot to change the vlangroupdereferencehelper. I switched to using the...

7.8CVSS6.2AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 10:58 a.m.10 views

EUVD-2026-37876

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

8.6CVSS5.3AI score0.00318EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 10:58 a.m.14 views

CVE-2026-40457 Reflected XSS in LMS

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

2.1CVSS5.4AI score0.00318EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 10:58 a.m.10 views

EUVD-2026-37875

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:58 a.m.5 views

CVE-2026-40456

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 10:58 a.m.15 views

CVE-2026-40456 OS Command Injection in LMS

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 10:58 a.m.22 views

CVE-2026-40455

Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...

8.6CVSS5.8AI score0.00216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/18 10:38 a.m.9 views

CVE-2026-48860

A flaw was found in Erlang/OTP. The inettlsdist:checkip/1 function, responsible for enforcing a LAN allowlist for Erlang distribution over TLS, incorrectly uses inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. This allows an unauthenticated attacker, possessing a...

7.5CVSS5.6AI score0.00194EPSS
Exploits0References8
Rows per page
Query Builder