CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 5 days ago•10 views

CVE-2026-47146

CVE-2026-47146 affects EmberZNet v9.0.2 and earlier; malformed Color Control messages can trigger asserts that abort the process. Impact is limited to devices that have already joined the network and that support the Color Control cluster. The provided documents do not specify a patch version or ...

7.1CVSS5.8AI score0.00249EPSS

Exploits0References2Affected Software1

EUVD•added 5 days ago•4 views

EUVD-2026-39399

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS

Cvelist•added 5 days ago•29 views

CVE-2026-47145 Color Control hue/saturation assertion abort in EmberZNet v9.0.2

7.1CVSS0.00249EPSS

CVE•added 5 days ago•8 views

CVE-2026-47145

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can trigger asserts that terminate the process. The issue affects devices that already joined the network and that support the Color Control cluster. The problem is caused by malformed Color Control messages and results in an appli...

7.1CVSS5.8AI score0.00249EPSS

Exploits0References2Affected Software1

Cvelist•added 5 days ago•31 views

CVE-2026-4526 Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS0.00249EPSS

Github Security Blog•added 2026/06/11 1:27 p.m.•10 views

@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no...

5.5AI score0.00052EPSS

Exploits0References8Affected Software1

RedhatCVE•added 2026/06/05 7:12 p.m.•10 views

CVE-2026-39959

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by...

7.1CVSS5.5AI score0.00124EPSS

NVD•added 2026/06/05 5:16 p.m.•13 views

CVE-2025-5089

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

7.1CVSS0.00235EPSS

CVE•added 2026/06/05 3:44 p.m.•14 views

CVE-2025-5089

CVE-2025-5089 describes a DoS condition in Arista EOS CVX deployments where malformed messages between a CVX server and connected EOS Switch can crash SysDB on EOS or destabilize the CVX cluster, requiring high-privilege access to send crafted TCP packets. Affected products are Arista EOS with Cl...

Vulnrichment•added 2026/06/05 3:44 p.m.•8 views

CVE-2025-5089 Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages

EUVD•added 2026/06/05 3:44 p.m.•9 views

EUVD-2025-210075

ATTACKERKB•added 2026/06/05 3:44 p.m.•5 views

CVE-2025-5089

Exploits0References2Affected Software1

Cvelist•added 2026/06/05 3:44 p.m.•39 views

CVE-2025-5089 Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages

7.1CVSS0.00235EPSS

Positive Technologies•added 2026/06/05 12:0 a.m.•16 views

PT-2026-46974

CNNVD•added 2026/06/05 12:0 a.m.•5 views

Arista CloudVision eXchange 安全漏洞

Arista CloudVision eXchange is a control plane exchange platform developed by Arista Technologies in the United States, aimed at data centers and enterprise networks. There is a security vulnerability in Arista CloudVision eXchange. This vulnerability stems from EOS switches’ lack of flexibility...

7.1CVSS5.3AI score0.00235EPSS

Tenable Nessus•added 2026/06/04 12:0 a.m.•6 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : GoBGP vulnerabilities (USN-8348-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8348-1 advisory. It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote...

7.5CVSS6.8AI score0.00631EPSS

Exploits1References7

Vulnrichment•added 2026/06/02 9:22 p.m.•7 views

CVE-2024-14036 Dräger Core 1.0.5 Denial of Service via Malformed SDC Message

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

8.7CVSS5.8AI score0.00284EPSS