CVE-2026-9718

CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service...

CVE-2026-9718

CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service...

EUVD-2026-39435

CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service...

CVE-2026-9717

CVE-2026-9717 is a CWE-78 OS Command Injection vulnerability. Description states that a privileged, authenticated user can trigger unauthorized command execution with elevated privileges by interacting with a vulnerable network-exposed service. Documents consistently describe impact to integrity,...

EUVD-2026-39146

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-9786

CVE-2026-9786 affects Quest NetVault Backup NVBUDashboard. The flaw is a SQL injection in the NVBUDashboard JSON-RPC message processing that fails to validate a user-supplied string used to build SQL queries, allowing code execution in the context of NETWORK SERVICE. Authentication is required to...

CVE-2026-9785 Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive is affected by a SQL Injection in the JSON‑RPC message processing path. The flaw stems from improper validation of a user-supplied string used to construct SQL queries, enabling an attacker to execute arbitrary code in the context of NETWORK SERVICE. Authenti...

CVE-2026-9781 Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

CVE-2026-12847

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

Linux Distros Unpatched Vulnerability : CVE-2026-56210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.101, using the "after free" mechanism in the Network service in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nsh: Added restoration of skb-protocol, data, macheader for the outer header in nshgsosegment. The syzbot exploited various vulnerabilities by using a crafted GSO packet for VIRTIONETHDRGSOUDP that included the following...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: removed the never-working support for setting nsh fields. The validation of the setnsh... action is completely incorrect. It involves the nshkeyputfromnlattr function, which is the same function used to...

Debian dsa-6340 : neutron-api - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6340 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6340-1 [email protected] https://www.debian.org/security/ Moritz...

Windows Kerberos Denial of Service Vulnerability

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network...

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

EUVD-2026-31085

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

Astra Linux - уязвимость в chromium

Before version 105.0.5195.52, using the "after free" mechanism in the Network Service in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...