
14785 matches found

Vulnrichment
added 2026/04/09 8:4 p.m. | 3 views

CVE-2026-4436 GPL Odorizers GPL750 Missing Authentication for Critical Function

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...

CVSS 8.6 | AI score 5.8 | EPSS 0.00448
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/09 8:4 p.m. | 3 views

CVE-2026-4436

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...

CVSS 8.6 | AI score 6 | EPSS 0.00448
Exploits: 0 | References: 4 | Affected Software: 4

Cvelist
added 2026/04/09 7:47 p.m. | 20 views

CVE-2025-13926 Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...

CVSS 9.8 | EPSS 0.00443
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/09 12:0 a.m. | 4 views

PT-2026-31742

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An...

CVSS 7.1 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 4

CNNVD
added 2026/04/09 12:0 a.m. | 8 views

Contemporary Controls BASControl20 Security Vulnerability

Contemporary Controls BASControl20 is a building automation control and BACnet communication controller developed by the American company Contemporary Controls. The Contemporary Controls BASC 20T has a security vulnerability that stems from network traffic sniffing, which may allow for the...

CVSS 9.8 | AI score 5.9 | EPSS 0.00443
Exploits: 0 | References: 3

OSV
added 2026/04/08 8:16 p.m. | 5 views

UBUNTU-CVE-2026-39863

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data packet sent over TCP. The...

CVSS 7.5 | AI score 5.8 | EPSS 0.00463
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/08 7:58 p.m. | 5 views

CVE-2026-39864 Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet if a successful user...

CVSS 4.4 | AI score 6 | EPSS 0.00301
Exploits: 0 | References: 1

Cvelist
added 2026/04/08 7:55 p.m. | 18 views

CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data packet sent over TCP. The...

CVSS 7.5 | EPSS 0.00463
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/08 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006797)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006797 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation. The panic below is...

CVSS 5.5 | AI score 6.4 | EPSS 0.00231
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/08 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006738 advisory. In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6. When ip_vti device is set to the qdisc ...

CVSS 7.8 | AI score 6.3 | EPSS 0.00139
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/08 12:0 a.m. | 5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006707 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv. A cloned head skb still shares these frag skbs in...

CVSS 7.8 | AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/08 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006774)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006774 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev. vhost_worker will call tun call...

CVSS 5.5 | AI score 6.4 | EPSS 0.00271
Exploits: 0 | References: 3

EUVD
added 2026/04/07 8:13 p.m. | 7 views

EUVD-2026-19972

netavark has incorrect error handling for malformed tcp packets...

CVSS 6.2 | AI score 5.9 | EPSS 0.00383
Exploits: 0 | References: 3

GitHub Security Blog
added 2026/04/07 8:13 p.m. | 13 views

netavark has incorrect error handling for malformed tcp packets

Impact: A truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. Patches: https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Workarounds: None. Credits: Thanks to @dkane01 for reporti...

CVSS 7.5 | AI score 5.9 | EPSS 0.00383
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/04/07 8:13 p.m. | 4 views

GHSA-HFPQ-X728-986J netavark has incorrect error handling for malformed tcp packets

Impact: A truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. Patches: https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Workarounds: None. Credits: Thanks to @dkane01 for reporti...

CVSS 7.5 | AI score 5.8 | EPSS 0.00383
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/07 12:25 p.m. | 5 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave...

CVSS 8.7 | AI score 5.8 | EPSS 0.00534
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/06 12:0 a.m. | 3 views

PT-2026-30705

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Description: An incorrect handling of LTE...

CVSS 9.1 | AI score 5.9 | EPSS 0.00307
Exploits: 0 | References: 6

CVE
added 2026/04/06 12:0 a.m. | 16 views

CVE-2025-58349

The CVE-2025-58349 entry concerns Samsung Exynos-related L2 components (Mobile Processor, Wearable Processor, and Modems) where improper handling of LTE MAC packets containing many MAC Control Elements (CEs) can crash the baseband. Affected products include Exynos 980/990/850/1080/2100/1280/2200/...

CVSS 9.1 | AI score 5.9 | EPSS 0.00307
Exploits: 0 | References: 2 | Affected Software: 1

SUSE CVE
added 2026/04/03 11:24 p.m. | 4 views

SUSE CVE-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses allo...

CVSS 6.5 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/03 8:19 p.m. | 2 views

CVE-2020-37216 Hirschmann HiOS EtherNet/IP Stack Denial of Service

Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a...

CVSS 8.7 | AI score 6 | EPSS 0.00921
Exploits: 0 | References: 2