1581 matches found
CVE-2026-47184 Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 224.0.0.251 / ff02::f...
UniFi Network Application - Path Traversal
UniFi Network Application contains a path traversal vulnerability allowing a network attacker to access and manipulate files on the underlying system, potentially leading to account access, exploit requires network access. id: CVE-2026-22557 info: name: UniFi Network Application - Path Traversal...
CVE-2026-55054
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...
EUVD-2026-44278
Access of resource using incompatible type 'type confusion' in .NET Core allows an unauthorized attacker to deny service over a network...
CVE-2026-9653
The vulnerability CVE-2026-9653 affects Rockwell Automation 1756-EN2, EN3, and ENBT communication modules. It stems from improper validation of CIP Implicit Connection packets, enabling network-remote denial-of-service when an attacker sends crafted packets; device connections recover immediately...
Remote Desktop Client Remote Code Execution Vulnerability
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network...
Windows DHCP Server Remote Code Execution Vulnerability
Double free in Windows DHCP Server allows an authorized attacker to execute code over a network...
EUVD-2026-43604
EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...
PT-2026-58489
Name of the Vulnerable Software and Affected Versions Windows Remote Access Connection Manager affected versions not specified Description A use-after-free condition exists in the Windows Remote Access Connection Manager RasMan. This flaw allows an authorized attacker to elevate privileges over a...
CVE-2026-57028
CVE-2026-57028 affects Juniper Networks Junos OS Evolved. An incorrectly initialized process meant to communicate only internally can be reached over the network via an open port, enabling an unauthenticated, network-based attacker to gain unauthorized access to license management. Affected scope...
CVE-2026-0283
An authentication bypass vulnerability in Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prisma® Access are not...
EUVD-2026-42401
Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...
PT-2026-55950
Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access versions prior to 26.2.1 BeyondTrust Remote Support and Privileged Remote Access versions prior to 25.3.3 Description A critical pre-authentication flaw exists in the authentication...
CVE-2026-58295
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-54891
A flaw was found in Erlang's SSL Secure Sockets Layer component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS Transport Layer Security handshake. The client application may then process this injected data as if it wer...
CVE-2026-56841
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...
CVE-2026-55116
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
CVE-2026-55112
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...