Lucene search
K

3758 matches found

Nuclei
Nuclei
added yesterday97 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

10CVSS7.3AI score0.17894EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 3 days ago3 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00247EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00247EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-56766

A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack...

8.8CVSS6.5AI score0.00474EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS0.00474EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 6:1 p.m.24 views

CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS0.00474EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Networks: Bridge: MST: Fixed suspicious RCU usage in brmstsetstate. I converted brmstsetstate to RCU to avoid a vlan use-after-free, but I forgot to change the vlangroupdereferencehelper. I switched to using the...

7.8CVSS6.2AI score0.00291EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed the issue of null pointer dereference in the vlan tunnel destination. This patch addresses a null pointer dereference issue caused by lockless access in the tunnel egress path. When deleting a vlan tunnel, the...

5.5CVSS6.1AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp – fixed the double-free of WoL irq. We no longer need to free wolirq, as it was instantiated using devmrequestirq. Therefore, devres will handle the freeing of resources on our behalf...

7.8CVSS5.2AI score0.00129EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fixed skbunderpanic in ip6mrcachereport. skbuff: skbunderpanic: Text: fffffffff88771f69; Len: 56; Put: -4; Head: ffffff88c5f86a800; Data: fffff887f5f86a850; Tail: 0x88; End: 0x2c0; Device: pim6reg. ----------- Cut here...

5.5CVSS6.2AI score0.00178EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A list management bug in BSS handling in the mac80211 stack of the Linux kernel versions 5.1 through 5.19.x, prior to 5.19.16, could be exploited by local attackers those capable of injecting WLAN frames to corrupt a linked list and, in turn, potentially execute unauthorized code...

5.5CVSS6.7AI score0.00572EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/18 10:58 a.m.9 views

EUVD-2026-37876

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

8.6CVSS5.3AI score0.00318EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 10:58 a.m.14 views

CVE-2026-40457 Reflected XSS in LMS

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

2.1CVSS5.4AI score0.00318EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 10:58 a.m.15 views

CVE-2026-40456 OS Command Injection in LMS

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 10:58 a.m.8 views

EUVD-2026-37875

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 10:58 a.m.17 views

CVE-2026-40455

Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...

8.6CVSS5.8AI score0.00216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/18 10:38 a.m.8 views

CVE-2026-48860

A flaw was found in Erlang/OTP. The inettlsdist:checkip/1 function, responsible for enforcing a LAN allowlist for Erlang distribution over TLS, incorrectly uses inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. This allows an unauthenticated attacker, possessing a...

7.5CVSS5.6AI score0.00194EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37646

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

7.2CVSS5.3AI score0.00151EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 5:11 p.m.3 views

SUSE-SU-2026:22137-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug cause...

9.8CVSS5.6AI score0.93235EPSS
Exploits40References208
CVE
CVE
added 2026/06/15 1:55 p.m.25 views

CVE-2026-6517

Mattermost Desktop App (versions

7.7CVSS5.3AI score0.00187EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder