Lucene search
K

53316 matches found

NVD
NVD
added 2 hours ago5 views

CVE-2026-10664

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-10666

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS
Exploits0References3
Cvelist
Cvelist
added 3 hours ago8 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS
Exploits0References3
CVE
CVE
added 3 hours ago9 views

CVE-2026-10666

CVE-2026-10666 affects Zephyr’s net_ipaddr_parse() path (IPv4 address-with-port parsing via net_ipaddr_parse() in subsys/net/ip/utils.c). The bug stems from parse_ipv4() copying the port suffix into a fixed 17-byte buffer without validating port length, using a length derived from an unbounded in...

8.1CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 3 hours ago6 views

EUVD-2026-43243

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 3 hours ago7 views

CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS
Exploits0References2
CVE
CVE
added 3 hours ago10 views

CVE-2026-10664

CVE-2026-10664 reports an out-of-bounds write in the nRF70 Wi‑Fi driver power-save event handler (nrf_wifi_event_proc_get_power_save_info). The handler copies TWT entries from a power-save info event into a fixed-size twt_flows[8], iterating up to num_twt_flows without validating against WIFI_MAX...

5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43241

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS6.1AI score
Exploits0References2
GithubExploit
GithubExploit
added 3 hours ago12 views

ghostlock-ace6t

GhostLock — OnePlus Ace 6T Jailbreak Kernel exploit for OnePl...

7.8CVSS6.2AI score0.00125EPSS
Exploits7
GithubExploit
GithubExploit
added 15 hours ago33 views

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

Executive Summary The CVE-2026-20127 Defensive Companion is a...

10CVSS7.1AI score0.57793EPSS
Exploits10
Nuclei
Nuclei
added 16 hours ago21 views

OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization

Open Access Management OpenAM is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution RCE via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

10CVSS7.2AI score0.99999EPSS
Exploits10References2
Nuclei
Nuclei
added 16 hours ago46 views

Xceedium Xsuite <=2.4.4.5 - Local File Inclusion

Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/readsessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter. id: CVE-2015-4666 info: name: Xceedium Xsuite =2.4.4.5 - Local File Inclusion author: 0xAkoko severity: medium...

5CVSS7.2AI score0.16235EPSS
Exploits5References5
Nuclei
Nuclei
added 16 hours ago42 views

Xsuite <=2.4.4.5 - Open Redirect

Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. id: CVE-2015-4668 info: name: Xsuite =2.4.4.5 - Open Redirect author: 0xAkoko...

6.1CVSS6.8AI score0.06719EPSS
Exploits4References5
Nuclei
Nuclei
added 16 hours ago32 views

Joomla! Component Magic Updater - Local File Inclusion

A directory traversal vulnerability in the Magic Updater comjoomlaupdater component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1307 info: name: Joomla! Component Magic Updater - Local File Inclusion author:...

5CVSS6.2AI score0.10158EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago79 views

H3C Magic R300-2100M - Remote Code Execution

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. id: CVE-2023-33629 info: name: H3C Magic R300-2100M - Remote Code Execution author: DhiyaneshDK severity: high description: | H3C Magic R300 version...

7.2CVSS7AI score0.04353EPSS
Exploits0References4
Nuclei
Nuclei
added 16 hours ago64 views

Brother Printers – Authentication Bypass via Default Admin Password

By leaking a target device's serial number, a remote attacker can generate the target device's default administrator password. The target device may leak its serial number via unauthenticated HTTP, HTTPS, IPP, SNMP, or PJL requests. id: CVE-2024-51978 info: name: Brother Printers – Authentication...

9.8CVSS7.1AI score0.23635EPSS
Exploits0References4
Nuclei
Nuclei
added 16 hours ago35 views

WordPress Admin Word Count Column 2.2 - Local File Inclusion

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...

9.8CVSS7.1AI score0.22133EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago107 views

SolarView Compact < 6.00 - Directory Traversal

SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd. id:...

7.5CVSS7AI score0.02885EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago29 views

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

9.8CVSS7.3AI score0.70947EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago76 views

Hue Magic 3.0.0 - Local File Inclusion

Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. id: CVE-2021-25864 info: name: Hue Magic 3.0.0 - Local File Inclusion author: 0xAkoko severity: high description: Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. impact: | The LFI...

7.5CVSS7AI score0.09331EPSS
Exploits1References4
Rows per page
Query Builder