Lucene search
K

3089 matches found

Nuclei
Nuclei
added yesterday177 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS5.6AI score0.03333EPSS
Exploits1References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-44577

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-62659

A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to make unauthorized changes to the device's settings...

6.8CVSS0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-62659 Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points

A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to make unauthorized changes to the device's settings...

6.8CVSS6.1AI score0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43649

A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced All versions. Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local networ...

7.4CVSS6AI score0.00215EPSS
Exploits0References1
Nuclei
Nuclei
added 3 days ago17 views

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS7AI score0.37366EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago11 views

EUVD-2026-43235

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References2
EUVD
EUVD
added last week6 views

EUVD-2026-42646

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

7.5CVSS6.4AI score0.00411EPSS
Exploits0References2
EUVD
EUVD
added last week5 views

EUVD-2026-42645

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

7.5CVSS6.4AI score0.00402EPSS
Exploits0References2
NVD
NVD
added last week9 views

CVE-2026-51603

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

7.5CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added last week10 views

CVE-2026-51602

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

7.5CVSS0.00402EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 12:31 a.m.9 views

EUVD-2026-42468

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS5.5AI score0.00285EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.9 views

CVE-2026-51603

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

7.5CVSS6.4AI score0.00411EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 12:0 a.m.28 views

CVE-2026-51602

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

0.00402EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 11:16 p.m.7 views

CVE-2026-15105

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS0.00285EPSS
Exploits0References7
OSV
OSV
added 2026/07/08 11:16 p.m.5 views

UBUNTU-CVE-2026-15105

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS6.3AI score0.00285EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/08 10:15 p.m.31 views

CVE-2026-15105 davenardella snap7 ReadVar Request s7_server.cpp PerformFunctionRead deserialization

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS0.00285EPSS
Exploits0References7
CVE
CVE
added 2026/07/08 10:15 p.m.11 views

CVE-2026-15105

CVE-2026-15105 affects davenardella snap7 up to 1.4.3. The flaw resides in TS7Worker::PerformFunctionRead (src/core/s7_server.cpp) within the ReadVar Request Handler, causing deserialization. Exploitation requires local-network access and a public exploit has been published. The project was infor...

6.3CVSS6.2AI score0.00285EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56618

Name of the Vulnerable Software and Affected Versions davenardella snap7 versions prior to 1.4.4 Description A flaw in the ReadVar Request Handler component allows for deserialization. The issue resides in the TS7Worker::PerformFunctionRead function within the src/core/s7 server.cpp file...

6.3CVSS6.6AI score0.00285EPSS
Exploits0References9
NVD
NVD
added 2026/07/07 10:16 p.m.9 views

CVE-2026-55490

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handlesenda of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows...

6.5CVSS0.00684EPSS
Exploits1References3
Rows per page
Query Builder