Lucene search
K

35 matches found

Cvelist
Cvelist
added 2026/06/30 3:55 p.m.35 views

CVE-2026-58174 Hermes WebUI < 0.51.521 - Cross-Profile Authorization Bypass via Unset Session Profile on Import

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...

6.5CVSS0.00265EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.11 views

SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2437-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2437-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile impo...

7.8CVSS6.6AI score0.0018EPSS
Exploits2References7
OSV
OSV
added 2026/06/17 2:44 p.m.5 views

SUSE-SU-2026:2437-1 Security update for wireshark

This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile import crash and possible code execution bsc1263809...

7.8CVSS6.2AI score0.0018EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2026/06/11 1:14 p.m.261 views

Exploit for CVE-2026-48907

CVE-2026-48907 Educational PoC ⚠️ This repository is for ed...

10CVSS5.7AI score0.80425EPSS
Exploits19
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.26 views

TencentOS Server 4: wireshark (TSSA-2026:0340)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0340 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.8CVSS8AI score0.0039EPSS
Exploits4References5
Github Security Blog
Github Security Blog
added 2026/05/28 5:37 p.m.24 views

compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

5.9AI score0.00061EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.12 views

openSUSE 16 Security Update : wireshark (openSUSE-SU-2026:20685-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20685-1 advisory. This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's parsereportdescriptor...

7.8CVSS6.5AI score0.00206EPSS
Exploits34References99
OSV
OSV
added 2026/05/09 12:31 p.m.9 views

OESA-2026-2226 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...

7.8CVSS5.9AI score0.00206EPSS
Exploits37References38
RedhatCVE
RedhatCVE
added 2026/05/04 7:42 p.m.7 views

CVE-2026-5656

A flaw was found in Wireshark. A path traversal can occur when a malformed configuration profile is imported, resulting in a denial of service or potentially in code execution. Mitigation To mitigate this flaw, do not import configuration profiles from untrusted or unverified sources...

7.8CVSS6AI score0.0018EPSS
Exploits1References5
OSV
OSV
added 2026/05/01 12:16 a.m.4 views

DEBIAN-CVE-2026-5656

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7.8CVSS6.2AI score0.0018EPSS
Exploits1References1
NVD
NVD
added 2026/05/01 12:16 a.m.5 views

CVE-2026-5656

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7.8CVSS0.0018EPSS
Exploits1References7
OSV
OSV
added 2026/05/01 12:16 a.m.6 views

UBUNTU-CVE-2026-5656

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7.8CVSS6.4AI score0.0018EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/05/01 12:16 a.m.5 views

CVE-2026-5656

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7.8CVSS6.4AI score0.0018EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/30 11:3 p.m.30 views

CVE-2026-5656 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7CVSS0.0018EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/30 11:3 p.m.5 views

CVE-2026-5656 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7CVSS6.2AI score0.0018EPSS
Exploits1References2
CVE
CVE
added 2026/04/30 11:3 p.m.17 views

CVE-2026-5656

CVE-2026-5656 affects Wireshark profiles import in Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14, due to improper restriction of a pathname to a restricted directory (path traversal). The issue can lead to denial of service and possible code execution. CVSS v3.1: AV Local, AC High, PR None, UI Required,...

7.8CVSS5.8AI score0.0018EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/04/30 11:3 p.m.3 views

CVE-2026-5656 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7CVSS7.6AI score0.0018EPSS
Exploits1References9
Debian CVE
Debian CVE
added 2026/04/30 11:3 p.m.8 views

CVE-2026-5656

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7.8CVSS6.2AI score0.0018EPSS
Exploits1
EUVD
EUVD
added 2026/04/30 11:3 p.m.5 views

EUVD-2026-26463

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7CVSS5.8AI score0.0018EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 11:3 p.m.4 views

CVE-2026-5656

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7CVSS5.9AI score0.0018EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder