1591 matches found
Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...
CVE-2026-58525
Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...
Juniper Junos OS Vulnerability (JSA110082)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA110082 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX with SPC3 and SRX Series allo...
389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
CVE-2026-25268
The CVE-2026-25268 issue is a stack-based buffer overflow in WLAN Host caused by memory corruption when processing invalid HT40 channel layouts during dynamic channel switching. Affects WLAN Host with a Local attack vector, requiring Low privileges and no user interaction, and with a changed scop...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
Security Updates for Windows App Client for Windows Desktop (June 2026)
The Windows app installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. CVE-2026-42908 - Heap-based buffer overflow in Remote Deskt...
EUVD-2026-41395
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...
EyesOfNetwork - Hardcoded API Key
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token. id: CVE-2020-8657 info: name:...
CVE-2026-14079
CVE-2026-14079 affects Google Chrome (Chromium) due to insufficient policy enforcement in Network handling, allowing a crafted HTML page to bypass the same-origin policy before version 150.0.7871.47. Affected: Chrome/Chromium network policy enforcement; Root cause: insufficient policy enforcement...
CVE-2026-14001
Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13876
CVE-2026-13876 involves an inappropriate implementation in the Network stack of Google Chrome before version 150.0.7871.47 . The issue allows an attacker with a privileged network position to bypass the page content Security Policy (CSP) through malicious network traffic. The connected documents ...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2026-58058
Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...
CVE-2026-12760 Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200
A denial-of-service DoS vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the...
SUSE-SU-2026:22411-1 Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-3150...
EUVD-2026-38647
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...
BIT-DOTNET-2026-45591 ASP.NET Core Denial of Service Vulnerability
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...