Lucene search
K

1591 matches found

Nuclei
Nuclei
added 16 hours ago16 views

Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...

7.5CVSS7AI score0.21691EPSS
Exploits6References3
NVD
NVD
added 5 days ago7 views

CVE-2026-58525

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS0.00362EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Juniper Junos OS Vulnerability (JSA110082)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA110082 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX with SPC3 and SRX Series allo...

8.2CVSS6.1AI score0.00405EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago4 views

389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS6.2AI score0.0067EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 8:9 p.m.18 views

CVE-2026-25268

The CVE-2026-25268 issue is a stack-based buffer overflow in WLAN Host caused by memory corruption when processing invalid HT40 channel layouts during dynamic channel switching. Affects WLAN Host with a Local attack vector, requiring Low privileges and no user interaction, and with a changed scop...

8.8CVSS6AI score0.00072EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.6 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.1AI score0.00438EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.9 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00429EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.5 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.1AI score0.00405EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Security Updates for Windows App Client for Windows Desktop (June 2026)

The Windows app installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. CVE-2026-42908 - Heap-based buffer overflow in Remote Deskt...

8.8CVSS7.4AI score0.01001EPSS
Exploits0References16
EUVD
EUVD
added 2026/07/02 2:50 p.m.6 views

EUVD-2026-41395

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...

8.6CVSS5.8AI score0.00342EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.31 views

EyesOfNetwork - Hardcoded API Key

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token. id: CVE-2020-8657 info: name:...

9.8CVSS7.3AI score0.91874EPSS
Exploits4References2
CVE
CVE
added 2026/06/30 10:39 p.m.40 views

CVE-2026-14079

CVE-2026-14079 affects Google Chrome (Chromium) due to insufficient policy enforcement in Network handling, allowing a crafted HTML page to bypass the same-origin policy before version 150.0.7871.47. Affected: Chrome/Chromium network policy enforcement; Root cause: insufficient policy enforcement...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.5 views

CVE-2026-14001

Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6.1CVSS6AI score0.00171EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:38 p.m.17 views

CVE-2026-13876

CVE-2026-13876 involves an inappropriate implementation in the Network stack of Google Chrome before version 150.0.7871.47 . The issue allows an attacker with a privileged network position to bypass the page content Security Policy (CSP) through malicious network traffic. The connected documents ...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/29 6:26 p.m.9 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.6CVSS6.8AI score0.00478EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/28 1:32 a.m.11 views

CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 6:10 p.m.30 views

CVE-2026-12760 Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200

A denial-of-service DoS vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the...

7.1CVSS0.00222EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:59 a.m.3 views

SUSE-SU-2026:22411-1 Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-3150...

9.8CVSS6.7AI score0.03663EPSS
Exploits25References18
EUVD
EUVD
added 2026/06/24 3:34 a.m.7 views

EUVD-2026-38647

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS6.2AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 5:39 a.m.3 views

BIT-DOTNET-2026-45591 ASP.NET Core Denial of Service Vulnerability

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References22
Rows per page
Query Builder