Lucene search
K

126426 matches found

RedHat Linux
RedHat Linux
added 2026/06/04 10:49 a.m.7 views

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/04 9:26 a.m.9 views

EUVD-2026-34229

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS5.8AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 9:26 a.m.23 views

CVE-2026-50224

CVE-2026-50224 describes that the web administration panel binds broadly to the public IPv6 space on port [::]:8080 with no default firewall limits, making internal API endpoints reachable over the WAN. The NVD entry cites a network attack vector with low exploit complexity and no user interactio...

6.9CVSS5.8AI score0.00234EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/04 9:16 a.m.8 views

CVE-2026-3820

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2CVSS0.0037EPSS
Exploits0References1
ICS
ICS
added 2026/06/04 6:0 a.m.13 views

NAVTOR NavBox

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

6.3CVSS5.3AI score0.00122EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.11 views

SUSE CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

6.9CVSS5.7AI score0.00429EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.8 views

SUSE CVE-2026-40181

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS5.8AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46266

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...

9.1CVSS5.8AI score0.00346EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/04 1:36 a.m.14 views

[SECURITY] Fedora 43 Update: libsoup3-3.6.6-3.fc43

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

8.2CVSS5.8AI score0.00254EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.11 views

PT-2026-46397

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description Platforms running Arista EOS with OpenConfig configured may process a gNMI Set request that should have been rejected. This flaw allows unexpected configurations to be applied to the switc...

9.6CVSS5.4AI score0.00302EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46407

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

8.7CVSS5.8AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

quic-go 安全漏洞

Quic-go is a implementation of the QUIC protocol and RFC 9000 protocol in Go, developed by Lucas Clemente. Versions of quic-go prior to 0.59.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size constraints on the decoded trailer fields in the HTTP/3...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the fact that the web management panel is widely bound to the public IPv6 address space at port :::8080, with no default firewa...

6.9CVSS5.3AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which stems from the fact that under 802.1X mode, if there are devices supporting EAPOL in the back-end VLAN,...

6.5CVSS5.3AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Froxlor 安全漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a security vulnerability. This vulnerability stems from the fact that the FTP account processing program does not enforce a shell whitelist, which may allow arbitrary shell...

9.4CVSS5.4AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46392

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description When operating in 802.1X mode, multi-auth unauthenticated hosts may be granted unauthorized access to a switch port if an EAPOL Extensible Authentication Protocol over LAN capable device i...

6.5CVSS5.4AI score0.00143EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.44 views

WebMCP Tool Surface Poisoning: Runtime Manipulation Attacks on LLM Agents

WebMCP is a newly emerging protocol that enables websites to expose tools directly to AI agents, bypassing traditional user interfaces and introducing new security risks. The dynamic exposure of agent-accessible tools in WebMCP expands the attack surface of web sessions, especially when third-par...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : FRR vulnerabilities (USN-8376-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8376-1 advisory. It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker cou...

7.5CVSS5.7AI score0.00389EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46176

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The web administration panel binds broadly to the public IPv6 address space on port ':::8080' without default firewall limits. This configuration allows internal...

6.9CVSS5.3AI score0.00234EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/03 11:45 p.m.11 views

CVE-2026-8722

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

5.8AI score0.00203EPSS
Exploits0References3
Rows per page
Query Builder