Lucene search
K

14826 matches found

Nuclei
Nuclei
added yesterday13 views

ThinkCMF X2.2.2 - Remote Code Execution

ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets. id: CVE-2020-20601 info: name: ThinkCMF X2.2.2 - Remote Code Execution author: pikpikcu severity: critical...

9.8CVSS7.6AI score0.07598EPSS
Exploits1References2
Nuclei
Nuclei
added 3 days ago79 views

Cisco Unified IP Conference Station 7937G - Denial-of-Service

Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned...

7.8CVSS7AI score0.7977EPSS
Exploits5References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42706

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...

7.1CVSS6AI score0.00269EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-15169

A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service DoS by sending a specially crafted Universal Mobile Telecommunications System UMTS FP protocol packet. The flaw resides in the UMTS FP protocol dissector, which can lead to a crash of the...

7.5CVSS6AI score0.00218EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-15166

A flaw was found in Wireshark, a network protocol analyzer. An attacker could exploit this vulnerability by sending a specially crafted network packet, which would cause the IEEE 802.11 protocol dissector to crash. This issue results in a denial of service, making the Wireshark application...

5.7CVSS5.9AI score0.00133EPSS
Exploits1References5
NVD
NVD
added 6 days ago6 views

CVE-2026-58210

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS0.00732EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-58210 NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS0.00732EPSS
Exploits0References5
CVE
CVE
added 6 days ago11 views

CVE-2026-58210

CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...

7.5CVSS6AI score0.00732EPSS
Exploits0References5Affected Software1
NVD
NVD
added 6 days ago8 views

CVE-2026-29007

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS0.00467EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56560

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An unauthenticated MQTT client can cause the server to consume excessive memory by sending large incomplete MQTT CONNECT packets. The server retains these...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added last week8 views

freerdp: FreeRDP: Arbitrary code execution via crafted RDPGFX PDUs

A heap-buffer-overflow vulnerability exists in FreeRDP when handling Remote Desktop Protocol Graphics RDPGFX. A malicious or compromised RDP server can exploit this flaw by sending specially crafted graphics packets to a connected client, potentially crashing the client application Denial of...

8.8CVSS7.5AI score0.0042EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.5 views

PT-2026-56281

Name of the Vulnerable Software and Affected Versions Fire-Boltt Smartwatch FB BGS001 version MOY-JS14-2.0.4 Description Improper authentication allows the device to accept GATT Write Request commands without sufficient authentication or strong session validation. This enables a nearby device to...

9.8CVSS6.1AI score0.00373EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 6:26 a.m.5 views

OESA-2026-2807 radvd security update

The router advertisement daemon radvd is run by Linux or BSD systems acting as IPv6 routers. It sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6...

8.8CVSS6.2AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54437

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Command injection exists in the ms service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An...

10CVSS6.2AI score0.03081EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-262 NASA AIT-Core vulnerable to SQL Injection

NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...

9.8CVSS5.8AI score0.00603EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:10 a.m.8 views

batman-adv: tvlv: reject oversized TVLV packets

...

9.8CVSS5.8AI score0.00247EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 3:40 p.m.8 views

CVE-2026-52997

A flaw was found in the Linux kernel's schdualpi2 qdisc queueing discipline component. When dualpi2change attempts to enforce updated limit and memory limit values, it may incorrectly try to dequeue packets from an empty C-queue while packets are present in the L-queue. This can lead to a NULL sk...

5.7AI score0.00173EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 2:56 p.m.14 views

CVE-2026-52946

A flaw was found in the Linux kernel. A lock order deadlock can occur in the sendsigio and sendsigurg functions when a process group receives a signal. This vulnerability, caused by an unsafe lock order during software interrupts SOFTIRQ in asynchronous I/O fasync signaling, could allow a remote...

7.5CVSS5.8AI score0.00612EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 2:43 p.m.33 views

CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 8:20 a.m.11 views

CVE-2026-53132

A flaw was found in the Linux kernel's vsock/virtio component. A remote attacker could send specially crafted packets with zero length and an End-of-Message EOM flag. This could lead to an unbounded queue of packets, consuming excessive memory and potentially causing a Denial of Service DoS due t...

7.1CVSS5.8AI score0.0014EPSS
Exploits0References4
Rows per page
Query Builder