
2230 matches found

EUVD
added 1 hour ago, 4 views

EUVD-2026-41442

Server-side request forgery (SSRF) in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

9.9 CVSS, 5.8 AI score
Exploits: 0, References: 2

NVD
added yesterday, 6 views

CVE-2026-54402

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device...

9.9 CVSS
Exploits: 0, References: 1

OSV
added 2026/06/22 5:39 a.m., 3 views

BIT-DOTNET-SDK-2026-45591 ASP.NET Core Denial of Service Vulnerability

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5 CVSS, 5.8 AI score, 0.0243 EPSS
Exploits: 0, References: 2

OSV
added 2026/06/22 5:37 a.m., 16 views

BIT-ASPNET-CORE-2026-45591 ASP.NET Core Denial of Service Vulnerability

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5 CVSS, 5.8 AI score, 0.0243 EPSS
Exploits: 0, References: 2

NVD
added 2026/06/19 9:16 p.m., 12 views

CVE-2026-47645

URL redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

8.8 CVSS, 0.00408 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/19 8:27 p.m., 5 views

CVE-2026-42895

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

6.5 CVSS, 5.9 AI score, 0.00399 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in dnsmasq

A flaw was discovered in dnsmasq in versions prior to 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, who can determine the outgoing port used by dnsmasq, only needs to guess the random...

4.3 CVSS, 6.7 AI score, 0.01988 EPSS
Exploits: 1, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in gnutls28

A timing side-channel vulnerability in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be used to recover the key encrypted in the RSA ciphertext across a network, in a Bleichenbacher-style attack. To successfully decrypt the data, the attacker would...

7.4 CVSS, 6.8 AI score, 0.01403 EPSS
Exploits: 1, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). The supported versions affected are 5.7.35 and earlier, as well as 8.0.26 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromise th...

5.5 CVSS, 5.9 AI score, 0.02497 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/18 9:39 p.m., 7 views

CVE-2026-32174

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...

7.7 CVSS, 5.3 AI score, 0.00411 EPSS
Exploits: 0, References: 2

EUVD
added 2026/06/17 6:35 p.m., 9 views

EUVD-2026-37576

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a...

6.9 CVSS, 5.4 AI score, 0.00394 EPSS
Exploits: 0, References: 6

NVD
added 2026/06/17 1:20 p.m., 8 views

CVE-2026-27870

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration...

4.8 CVSS, 0.00293 EPSS
Exploits: 0, References: 5

NVD
added 2026/06/17 10:54 a.m., 13 views

CVE-2026-46909

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD...

9.8 CVSS, 0.00483 EPSS
Exploits: 0, References: 1

CVE
added 2026/06/17 8:13 a.m., 9 views

CVE-2026-27869

The CVE-2026-27869 entry concerns the Regesta Smart HD-PLC by Teldat (model TLDPH16D2, 11.02.05.10.02). An attacker on the network can perform a Slow Loris-style attack to cause a Denial of Service on the device’s web interface. The impact is a DoS with network access and low attack complexity; c...

6.9 CVSS, 5.4 AI score, 0.00394 EPSS
Exploits: 0, References: 5

Nuclei
added 2026/06/16 7:13 a.m., 25 views

Windows Server Update Service - Insecure Deserialization

Windows Server Update Service contains an insecure deserialization vulnerability caused by deserialization of untrusted data. An unauthorized attacker with network access can exploit this to execute arbitrary code remotely, potentially leading to full system compromise. id: CVE-2025-59287 info:...

9.8 CVSS, 8.9 AI score, 0.99962 EPSS
Exploits: 24, References: 5

Positive Technologies
added 2026/06/16 12:00 a.m., 13 views

PT-2026-49977

Name of the Vulnerable Software and Affected Versions: MySQL Shell versions 8.4.0 through 8.4.9; MySQL Shell versions 9.0.0 through 9.7.0. Description: An issue exists in the Shell: Dump and Load component of Oracle MySQL. An unauthenticated attacker with network access via multiple protocols can...

6.5 CVSS, 5.9 AI score, 0.0018 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/06/16 12:00 a.m., 12 views

PT-2026-49856

Name of the Vulnerable Software and Affected Versions: Oracle WebCenter Enterprise Capture version 12.2.1.4.0; Oracle WebCenter Enterprise Capture version 14.1.2.0.0. Description: A flaw in the Client Bundle component of Oracle WebCenter Enterprise Capture allows a low privileged attacker with networ...

9.9 CVSS, 5.7 AI score, 0.00402 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2026/06/15 7:54 a.m., 9 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4.9 CVSS, 6.8 AI score, 0.00323 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2026/06/15 5:00 a.m., 10 views

CVE-2026-12221 Yealink SIP-T46U Firmware Chunk Upload upgrade sprintf stack-based overflow

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...

8.6 CVSS, 7.5 AI score, 0.00371 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2026/06/11 5:54 p.m., 8 views

CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet, adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6 CVSS, 5.9 AI score, 0.00539 EPSS
Exploits: 0, References: 2