Lucene search
K

3765 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37646

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

7.2CVSS5.3AI score0.00151EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 5:11 p.m.3 views

SUSE-SU-2026:22137-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug cause...

9.8CVSS5.6AI score0.93235EPSS
Exploits42References208
Vulnrichment
Vulnrichment
added 2026/06/15 1:55 p.m.10 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS5.2AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 1:55 p.m.30 views

CVE-2026-6517

Mattermost Desktop App (versions

7.7CVSS5.3AI score0.00187EPSS
Exploits0References1Affected Software1
Talos
Talos
added 2026/06/15 12:0 a.m.7 views

GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...

9.3CVSS5.6AI score0.00214EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.8 views

Arista Networks EOS Tunnel Decapsulation Improper Validation (SA0137)

On affected platforms running Arista EOS where a tunnel decapsulation configuration - such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface - is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packets wit...

6.9CVSS6.1AI score0.00836EPSS
Exploits1References2
OSV
OSV
added 2026/06/12 6:23 p.m.10 views

GHSA-7QMG-GRCP-QF25 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

7.2CVSS6.2AI score0.00353EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.11 views

CVE-2026-46433

A flaw was found in lldpd, an implementation of IEEE 802.1ab LLDP. A remote attacker on the adjacent network can send specially crafted Ethernet frames with 802.1Q VLAN Virtual Local Area Network tags. This can cause a 4-byte heap buffer over-read, leading to a denial of service DoS due to an...

6.5CVSS5.5AI score0.00225EPSS
Exploits0References7
CVE
CVE
added 2026/06/12 12:51 p.m.40 views

CVE-2026-45670

Summary (CVE-2026-45670) Nuxt.js dev-server exposure issue affects @nuxt/webpack-builder and @nuxt/rspack-builder. An incomplete fix for GHSA-4gf7-ff8x-hq99 allowed source-code leakage when the dev server is bound to a non-loopback address (for example, nuxt dev --host) and a user visits a malici...

5.9CVSS5.2AI score0.00208EPSS
Exploits1References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN...

7.5CVSS6AI score0.00194EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 2:35 p.m.40 views

CVE-2026-48860

CVE-2026-48860 affects Erlang/OTP’s TLS-based distribution via the inet_tls_dist.erl check_ip/1, which enforces a LAN allowlist, uses inet:sockname/1 (local address) instead of inet:peername/1, causing the peer’s subnet validation to be bypassed. Any holder of a CA-signed TLS certificate can bypa...

7.5CVSS5.5AI score0.00194EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2026/06/10 2:35 p.m.35 views

CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS0.00194EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 1:55 p.m.20 views

CVE-2026-53476

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

9.6CVSS5.9AI score0.00291EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.11 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by the built-in APIs of node.js. Erlang/OTP has security vulnerabilities in versions prior to 11.7.2, as well as versions 11.6.0.2 and 11.2.12.9. The vulnerability stems from the...

7.5CVSS5.3AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48467

Name of the Vulnerable Software and Affected Versions Erlang/OTP versions 26.0 through 29.0.1 Erlang/OTP version 28.5.0.1 and earlier Erlang/OTP version 27.3.4.12 and earlier ssl versions 11.0 through 11.7.1 ssl version 11.6.0.1 and earlier ssl version 11.2.12.8 and earlier Description An issue i...

7.5CVSS6AI score0.00194EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/09 6:31 p.m.10 views

EUVD-2026-35529

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.4AI score0.00662EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 6:9 p.m.39 views

CVE-2026-10045 CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.24 views

CVE-2026-50508

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

7.5CVSS0.00662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-7473

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9CVSS5.4AI score0.00836EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8259

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

7.2CVSS5.2AI score0.04447EPSS
Exploits1References1
Rows per page
Query Builder