CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 5 hours ago•5 views

CVE-2026-49942 Net::CIDR::Set versions through 0.20 for Perl did not validate network masks

ATTACKERKB•added 5 hours ago•1 views

CVE-2026-49942

7.3CVSS5.8AI score

CVE•added 5 hours ago•7 views

CVE-2026-49942

CVE-2026-49942 affects Net::CIDR::Set for Perl up to version 0.20. The vulnerability stems from improper validation of network masks: the mask portion could contain Unicode digits (e.g., Arabic-Indic One U+0661) or non-digits, which were ignored, potentially allowing larger networks. Leading zero...

7.3CVSS5.8AI score

Positive Technologies•added 21 hours ago•5 views

PT-2026-46268

7.3CVSS5.8AI score

NVD•added 2 days ago•8 views

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS0.0004EPSS

CVE•added 2 days ago•9 views

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon (up to version 2.19.0) is affected by a stack-based buffer overflow in the BGP AS_PATH mask matching implementation (nest/a-path.c). The as_path_match() routine uses a fixed-size stack capable of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH segme...

6.3CVSS6.1AI score0.0004EPSS

Cvelist•added 2 days ago•28 views

CVE-2026-49943

6.3CVSS0.0004EPSS

EUVD•added 2 days ago•8 views

EUVD-2026-33980

6.3CVSS6.1AI score0.0004EPSS

Positive Technologies•added 2 days ago•6 views

PT-2026-45806

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS PATH mask matching implementation in nest/a-path.c. The as path match function uses a fixed-size stack array of 2048 + 1 pm pos entries, while parse path expands AS PATH segments from a receive...

6.3CVSS6.1AI score0.0004EPSS

Exploits1References3

CVE•added 6 days ago•7 views

CVE-2026-10099

XX-Net version 5.16.6 is affected by a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py. The issue arises because the server unconditionally reads 4 bytes as a masking key regardless of the MASK bit in the frame header, causing the first 4 byt...

5.1CVSS5.8AI score0.00018EPSS

Cvelist•added 6 days ago•27 views

CVE-2026-10099 XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simplehttpserver.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS0.00018EPSS

Vulnrichment•added 6 days ago•7 views

CVE-2026-10062 TRENDnet TEW-432BRP formSetRoute stack-based overflow

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

9CVSS7.8AI score0.00041EPSS

Exploits1References4

CNNVD•added 6 days ago•5 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. Version 3.10B20 of TRENDnet TEW-432BRP has a security vulnerability. This vulnerability stems from command injection in the file/goform/formSetRoute, where parameters such as ip, mask, and gateway can be used to...

6.5CVSS6.7AI score0.01058EPSS

Exploits1References4

Positive Technologies•added 6 days ago•4 views

PT-2026-44834

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

6.5CVSS6.2AI score0.01058EPSS

Exploits1References5

SUSE CVE•added 2026/05/28 4:1 a.m.•6 views

SUSE CVE-2025-71305

In the Linux kernel, the following vulnerability has been resolved: drm/display/dpmst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong payload mask due to overflow if the delayeddestroywork ends up coming into play after a DP 2.1 monit...

5.8AI score0.00032EPSS

SUSE CVE•added 2026/05/28 3:56 a.m.•6 views

SUSE CVE-2026-45900

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix netdev memory leak in dpaa2caamprobe When commit 0e1a4d427f58 "crypto: caam: Unembed netdev structure in dpaa2" converted embedded netdevice to dynamically allocated pointers, it added cleanup in...

5.7AI score0.00023EPSS