Lucene search
+L

68 matches found

nvd
nvd
added 2 days ago4 views

CVE-2026-5040

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS0.00093EPSS
Exploits0References3
cve
cve
added 2 days ago6 views

CVE-2026-5040

The CVE-2026-5040 entry applies to TP-Link Deco M5 v1. The issue stems from a weak password hashing mechanism used to store user credentials. An attacker who obtains the password hash via system compromise or privileged access could perform brute-force or dictionary attacks. Practical consequence...

7.1CVSS6.1AI score0.00093EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago40 views

CVE-2026-5040 Weak Password Hashing Mechanism in TP-Link Deco M5

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS0.00093EPSS
Exploits0References3
nvd
nvd
added 2026/06/02 11:16 p.m.16 views

CVE-2026-41412

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS0.00317EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/02 10:51 p.m.16 views

CVE-2026-41412

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS5.9AI score0.00317EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/02 10:51 p.m.12 views

EUVD-2026-34051

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS5.9AI score0.00317EPSS
Exploits0References1
osv
osv
added 2026/06/02 10:51 p.m.2 views

CVE-2026-41412 alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS6AI score0.00317EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/02 10:50 p.m.8 views

CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS6.1AI score0.00211EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/02 10:50 p.m.8 views

CVE-2026-35482

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS6.1AI score0.00211EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/02 10:50 p.m.40 views

CVE-2026-35482

CVE-2026-35482 : alf.io’s extension script engine vulnerability allows an authenticated administrator to escape the Rhino sandbox and execute arbitrary OS commands on the server. The issue stems from an unguarded injected Java object (returnClass) combined with an incomplete AST blocklist, enabli...

8CVSS6.1AI score0.00211EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.22 views

PT-2026-45879

Name of the Vulnerable Software and Affected Versions alf.io versions prior to 2.0-M5-2606 Description A sandbox escape issue in the extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the server. The system uses a sandboxed Rhino...

8CVSS6.3AI score0.00211EPSS
Exploits0References10
schneier
schneier
added 2026/05/21 4:3 p.m.11 views

macOS Kernel Memory Corruption Exploit

A group used Anthropic's Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple's M5. News article...

5.8AI score
Exploits0
vulnersosv
vulnersosv
added 2026/05/08 12:0 a.m.11 views

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-ai (>=0.6.0 <=0.8.7) +115 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-openai (>=1.0.0-M5 <=1.0.6)

org.springframework.ai:spring-ai-openai MAVEN version =1.0.0-M5, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 - app.valuationcontrol:library =0.5.9 - com.alibaba.cloud.ai:spring-ai-alibaba-agent-nacos =1.0.0.4 -...

7.5CVSS5.7AI score0.0026EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/27 12:0 a.m.8 views

ai.intelliswarm:swarmai-core (>=1.0.0 <=1.0.28), ai.intelliswarm:swarmai-distributed (>=1.0.0 <=1.0.28) +12 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-pgvector-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-pgvector-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =4.2.3, =0.0.1, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321394...

8.6CVSS5.4AI score0.00394EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/27 12:0 a.m.6 views

org.springframework.ai:spring-ai-gemfire-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-gemfire (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-gemfire-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-gemfire-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321389...

8.6CVSS5.8AI score0.00394EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/27 12:0 a.m.9 views

org.springframework.ai:spring-ai-oracle-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-oracle (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-oracle-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-oracle-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321393...

8.6CVSS5.8AI score0.00394EPSS
Exploits0
redhatcve
redhatcve
added 2025/11/13 1:0 a.m.15 views

CVE-2025-65002

Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters...

7.5CVSS6.9AI score0.0026EPSS
Exploits0References1
nvd
nvd
added 2025/11/12 6:15 p.m.7 views

CVE-2025-65002

Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters...

7.5CVSS0.0026EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/12 12:0 a.m.4 views

CVE-2025-65002

Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters...

7.5CVSS6.5AI score0.0026EPSS
Exploits0References1
cve
cve
added 2025/11/12 12:0 a.m.24 views

CVE-2025-65002

The vulnerability CVE-2025-65002 affects Fujitsu Fsas Technologies iRMC S6 (M5) prior to version 1.37S. It stems from incorrect authorization (CWE-863) for the Remote Management Controller implemented in PRIMERGY, allowing a user with non-administrator privileges to access the Web UI or Redfish A...

7.5CVSS6.5AI score0.0026EPSS
Exploits0References1
Rows per page
Query Builder