Lucene search
K

244 matches found

NVD
NVD
added 6 hours ago4 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS
Exploits0References2
CVE
CVE
added 7 hours ago8 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation via the KernCoreLib64.sys kernel driver. An attacker with local access can use exposed IOCTL handlers to perform arbitrary physical memory read/write and unrestricted I/O port operations without administrator privileges. This can enable ma...

8.5CVSS6AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-42053

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Qemu

A “off-by-one” read/write issue was identified in the SDHCI device of QEMU. This issue occurs when reading/writing the Buffer Data Port Register using the sdhcireaddataport and sdhciwritedataport functions, specifically when datacount == blocksize. A malicious guest could exploit this flaw to cra...

8.6CVSS6.9AI score0.00802EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 p.m.12 views

CVE-2026-10831

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...

6.9CVSS0.00292EPSS
Exploits0References1
Debian
Debian
added 2026/06/11 6:48 p.m.9 views

[SECURITY] [DSA 6340-1] neutron security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6340-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2026 https://www.debian.org/security/faq -...

2.2CVSS5.3AI score0.00262EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Debian dsa-6340 : neutron-api - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6340 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6340-1 [email protected] https://www.debian.org/security/ Moritz...

2.2CVSS5.4AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.10 views

CVE-2024-6858

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN...

6.5CVSS5.4AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41060

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isSSRFSafeURL function in objects/functions.php contains a same-domain shortcircuit lines 4290-4296 that allows any URL whose hostname matches webSiteRootURL to bypass all SSRF protections. Because the check compares on...

7.7CVSS5.6AI score0.003EPSS
Exploits1References1
CVE
CVE
added 2026/06/04 9:51 p.m.29 views

CVE-2024-6858

In Arista EOS, CVE-2024-6858 affects multiple EOS releases (EOS 4.31.x, 4.30.x, 4.29.x, 4.28.x) where 802.1X is enabled and a fallback VLAN with an EAPOL-capable device can allow multi-auth unauthenticated hosts access to a switch port. Root cause: improper authentication handling when using dot1...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 9:51 p.m.31 views

CVE-2024-6858 In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN...

0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46392

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description When operating in 802.1X mode, multi-auth unauthenticated hosts may be granted unauthorized access to a switch port if an EAPOL Extensible Authentication Protocol over LAN capable device i...

6.5CVSS5.4AI score0.00143EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:0 p.m.8 views

CVE-2019-25719

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attacke...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/05/13 12:20 p.m.11 views

K000160981: iControl REST and tmsh vulnerability CVE-2026-40698

Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation...

8.7CVSS5.4AI score0.00235EPSS
Exploits0Affected Software12
Vulnrichment
Vulnrichment
added 2026/04/14 3:5 p.m.3 views

CVE-2026-4832

CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...

6.9CVSS5.8AI score0.00271EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 9:31 p.m.18 views

Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS5.8AI score0.0051EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 9:6 p.m.3 views

CVE-2026-5724 Missing Authentication on Streaming gRPC Replication Endpoint

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

6.3CVSS5.8AI score0.0051EPSS
Exploits0References3
NVD
NVD
added 2026/03/27 9:16 a.m.4 views

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

7.5CVSS0.00703EPSS
Exploits1References18
Cvelist
Cvelist
added 2026/03/27 8:10 a.m.30 views

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

7.5CVSS0.00703EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:10 a.m.9 views

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

7.5CVSS5.9AI score0.00703EPSS
Exploits1References2
Rows per page
Query Builder