Lucene search
+L

6555 matches found

Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.14 views

PT-2026-45201

Name of the Vulnerable Software and Affected Versions Tenda W12 version 3.0.0.74763 Description A remote denial of service issue exists within the Web Management Interface. The problem occurs in the cgiSysWebTimeoutSet function located in the /bin/httpd file. An attacker can trigger this conditio...

7.1CVSS6.6AI score0.00368EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.13 views

CVE-2026-9404

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...

10CVSS7.1AI score0.01732EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.18 views

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 6:59 p.m.15 views

EUVD-2026-33420

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

5.3CVSS5.6AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 10:33 a.m.7 views

BIT-RABBITMQ-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

5.6CVSS5.8AI score0.0018EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:6 a.m.8 views

ipmi: Add limits to event and receive message requests

...

7.5CVSS5.4AI score0.00501EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44972

Name of the Vulnerable Software and Affected Versions TP-Link TL-SG108PE v5 affected versions not specified Description A stored cross-site scripting XSS issue exists in the web management interface. This occurs because the SYSNAM configuration parameter is not properly sanitized during the...

5.3CVSS5.7AI score0.00239EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/28 9:12 p.m.18 views

CVE-2026-46128

A flaw was found in the Linux kernel's Intelligent Platform Management Interface IPMI subsystem. This vulnerability occurs when the kernel processes event message buffer responses from Baseboard Management Controllers BMCs. Some BMCs may return an empty message instead of an expected error, which...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 8:16 p.m.14 views

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.15 views

CVE-2026-9458

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack may be performed fr...

10CVSS7.1AI score0.02094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.14 views

CVE-2026-9434

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

10CVSS7AI score0.01732EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:4 p.m.13 views

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 7:4 p.m.39 views

CVE-2026-9037

The CVE-2026-9037 issue affects the XCharge C6 charging controller’s firmware update mechanism. The firmware update process does not validate the authenticity of firmware packages delivered via the device management interface, because cryptographic signatures are not verified. An attacker with ac...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 7:4 p.m.10 views

EUVD-2026-33002

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:32 p.m.13 views

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/28 2:15 p.m.16 views

CVE-2026-9628

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...

9CVSS7.8AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 2:15 p.m.16 views

CVE-2026-9454

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The...

10CVSS7AI score0.01909EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 2:15 p.m.14 views

CVE-2026-9436

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...

10CVSS7AI score0.02005EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 10:16 a.m.6 views

UBUNTU-CVE-2026-46108

In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/28 9:36 a.m.48 views

CVE-2026-46177

The CVE-2026-46177 issue affects the Linux kernel IPMI driver. It describes a vulnerability where the driver could continuously fetch events and receive messages from the BMC (or become stuck) due to the BMC not signaling completion or the attn bit getting stuck. The documented fix limits event/m...

7.5CVSS5.8AI score0.00501EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder