Lucene search
+L

10 matches found

nvd
nvd
added 2026/07/08 10:17 p.m.6 views

CVE-2026-54777

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListen...

6.5CVSS0.00088EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/08 10:1 p.m.36 views

CVE-2026-54777 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListen...

6.5CVSS0.00088EPSS
Exploits0References5
cve
cve
added 2026/07/08 10:1 p.m.22 views

CVE-2026-54777

CoreWCF.NetNamedPipe transport is vulnerable to a local TOCTOU race where an attacker can race a NamedPipeListener between the shared-memory GUID publication and the creation of the service pipe, enabling interception of NetNamedPipe traffic by attaching to a pre-existing named pipe instance. Aff...

6.5CVSS6AI score0.00088EPSS
Exploits0References5
osv
osv
added 2026/07/08 10:1 p.m.3 views

CVE-2026-54777 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListen...

6.5CVSS6.1AI score0.00088EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/03/18 1:34 a.m.3 views

CVE-2026-22174

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the...

5.9CVSS5.8AI score0.00126EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-24814

Malicious code in bioql PyPI...

8.5CVSS6.5AI score0.0016EPSS
Exploits0References1
cve
cve
added 2025/08/14 1:39 p.m.18 views

CVE-2025-9036

Rockwell Automation FactoryTalk Action Manager (v1.0.0 Runtime) is affected by a vulnerability in its runtime event system that permits unauthenticated local access to a reusable API token. The token is broadcast over a WebSocket and can be intercepted by any local client listening on the connect...

8.5CVSS7.1AI score0.0016EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 6:12 a.m.5 views

SUSE CVE-2007-2480

The udplibgetport function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other application...

4.6CVSS6.5AI score0.00351EPSS
Exploits0References3
osv
osv
added 2019/11/06 7:15 p.m.9 views

CVE-2019-5642

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...

3.3CVSS5.8AI score0.0031EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2007/05/03 5:19 p.m.34 views

CVE-2007-2480

The udplibgetport function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other application...

4.6CVSS5.9AI score0.00351EPSS
Exploits0References2
Rows per page
Query Builder