CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 3 days ago•33 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS

ATTACKERKB•added 3 days ago•6 views

CVE-2026-57473

5.8CVSS5.8AI score0.00145EPSS

CVE•added 3 days ago•9 views

CVE-2026-57473

The CVE affects Reolink Home Hub netclient and factory services, prior to v3.3.0.456_26031911. The issue enables brute-force credential cracking on the local network, allowing an attacker on the same LAN to intercept traffic between the Hub and connected cameras and compromise camera credentials....

5.8CVSS5.8AI score0.00145EPSS

EUVD•added 3 days ago•7 views

EUVD-2026-39646

5.8CVSS5.8AI score0.00145EPSS

Cvelist•added 4 days ago•32 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS0.00308EPSS

Github Security Blog•added last week•8 views

Gogs has SSRF in webhook deliveries

Summary The fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This was already communicated in the initial report but it looks like there...

8.3CVSS6.8AI score0.01193EPSS

Exploits1References4Affected Software1

OSV•added last week•6 views

GHSA-C4V7-XG93-QF8G Gogs has SSRF in webhook deliveries

8.3CVSS5.9AI score0.00402EPSS

Exploits0References4

OSV•added 2026/06/19 7:35 p.m.•4 views

GHSA-X84V-G949-293W Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN

Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...

7.6CVSS6AI score0.00193EPSS

Cvelist•added 2026/06/19 1:41 p.m.•29 views

CVE-2026-9142 Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

9.3CVSS0.00308EPSS

ATTACKERKB•added 2026/06/19 1:41 p.m.•6 views

CVE-2026-9142

9.3CVSS5.9AI score0.00308EPSS

Exploits0References3

CVE•added 2026/06/19 1:41 p.m.•17 views

CVE-2026-9142

NI grpc-device versions prior to 2.17.0 are affected by an insecure default credentials vulnerability when TLS configuration is absent and the server binds beyond the loopback interface. This could allow an unauthenticated access to the server on the local network. No exploit details or fixes are...

9.3CVSS5.9AI score0.00308EPSS

Exploits0References2Affected Software1

AstraLinux•added 2026/06/19 11:10 a.m.•2 views

Astra Linux – Vulnerability in sane-backends

A out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, also known as GHSL-2020-083...

4.3CVSS6.1AI score0.01006EPSS

Exploits1References1

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in sane-backends

4.3CVSS6.1AI score0.01077EPSS

Exploits1References1

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places, such as commit b117e1e8a86d “net: dsa: delete dsalegacyfdbadd and dsalegacyfdbdel”, DSA is written under the assumption that higher layers perform...

5.5CVSS6AI score0.00234EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in edk2

EDK2 is vulnerable to a vulnerability in the Tcg2MeasureGptTable function, which allows a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...

7.8CVSS6.8AI score0.00288EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•7 views

Astra Linux – Vulnerability in edk2

EDK2 is vulnerable to a vulnerability in the Tcg2MeasurePeImage function, which allows a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...

7.8CVSS6.8AI score0.00287EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in sane-backends

4.3CVSS6.1AI score0.01204EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in sane-backends

A NULL pointer dereferencing in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079...

5.7CVSS6.4AI score0.01041EPSS