Lucene search
+L

2326 matches found

cve
cve
added yesterday4 views

CVE-2026-59865

Kiota (OpenAPI-based HTTP Client code generator) prior to version 1.32.5 is vulnerable. The issue arises in kiota info where x-ms-kiota-info.languagesInformation..dependencyInstallCommand, along with dependency name/version, could be used to present a spec-supplied command as Kiota’s recommended ...

9.3CVSS6.2AI score
Exploits0References4
cve
cve
added 2026/07/01 3:33 a.m.17 views

CVE-2026-7830

CVE-2026-7830 affects UltraVNC up to version 1.8.2.2 and concerns the MS-Logon II authentication. The DH key exchange uses parameters within 64-bit space (DH_MAX_BITS) and the private exponent is generated using a rng() that relies on three libc rand() calls seeded from time(NULL). This yields an...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/07/01 3:33 a.m.38 views

CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS0.0022EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/07/01 3:33 a.m.13 views

CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.9 views

PT-2026-54486

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description Inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNC MsLogonIIAuth allows a network attacker to disclose credentials. In the file rfb/dh.cpp, the Diffie-Hellman key exchang...

7.4CVSS5.9AI score0.0022EPSS
Exploits0References7
cve
cve
added 2026/06/30 10:50 p.m.26 views

CVE-2026-56413

CVE-2026-56413 affects StoneFly Storage Concentrator (SC & SCVM). The ms_service.pl component listening on TCP port 9000 is vulnerable to command injection. An unauthenticated remote attacker can send a specially crafted network packet that is processed without proper sanitization, enabling arbit...

10CVSS6.2AI score0.03081EPSS
Exploits0References3
ossf
ossf
added 2026/06/29 4:53 p.m.11 views

Malicious code in @ms-ows/logging (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7ffaf65611a7bb55512d442ab6d19f3b1c702db0224b994e0b80df4f30e1dff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, a underflow of the sizet variable in the IMA-ADPCM and MS-ADPCM audio decoders led to a heap-buffer-overflow issue through the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM...

9.8CVSS6AI score0.00317EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.11 views

PT-2026-51656

Name of the Vulnerable Software and Affected Versions GeoVision GV-VMS V20 version 20.0.2 Description Memory corruption occurs within the GV-Cloud functionality. A remote attacker can trigger a denial of service by sending a specially crafted network request while impersonating the legitimate...

6.2CVSS5.8AI score0.00197EPSS
Exploits0References7
cvelist
cvelist
added 2026/06/12 10:16 p.m.35 views

CVE-2025-14098 Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux...

7.8CVSS0.00122EPSS
Exploits0References1
cve
cve
added 2026/06/12 10:16 p.m.34 views

CVE-2025-14098

Avira Antivirus engine heap buffer out-of-bounds write (integer overflow) when scanning a malformed MS-DOS executable file. Affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.104. Impact: local code execution or denial-of-service of the antivirus engine process. ...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.19 views

PT-2026-49046

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.104 Description A heap buffer out-of-bounds write occurs due to an integer overflow in the antivirus engine when scanning a malformed MS-DOS executable file. This can lead to local execution of code or ...

7.8CVSS5.8AI score0.00122EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:48 p.m.13 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.5AI score0.00075EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/04 11:0 a.m.9 views

CVE-2026-10801 modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8
githubexploit
githubexploit
added 2026/06/03 7:43 p.m.88 views

Exploit for CVE-2026-2256

CVE-2026-...

6.5CVSS5.8AI score0.01611EPSS
Exploits2
redhat
redhat
added 2026/05/26 2:2 a.m.12 views

freerdp: FreeRDP: Denial of Service via crafted audio data in RDP

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker can exploit a sizet underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a...

9.8CVSS5.8AI score0.00317EPSS
Exploits1References6
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Thunderbird

The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have known vulnerabilities that have been exploited in the wild although we know of none exploited through Thunderbird. Therefore, in thi...

6.5CVSS7.4AI score0.00783EPSS
Exploits1References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Wireshark

Excessive memory consumption in the MS-WSP dissector in Wireshark versions 3.4.0 to 3.4.4, and 3.2.0 to 3.2.12 may allow denial of service through packet injection or malicious capture files...

6.5CVSS6.8AI score0.02023EPSS
Exploits1References1
redhat
redhat
added 2026/05/19 9:56 p.m.13 views

freerdp: FreeRDP: Denial of Service via crafted audio data in RDP

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker can exploit a sizet underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a...

9.8CVSS5.8AI score0.00317EPSS
Exploits1References6
snyk
snyk
added 2026/05/15 8:46 a.m.12 views

Malicious Package

Overview ms-graph-types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder