Lucene search
K

2318 matches found

Nuclei
Nuclei
added 9 hours ago47 views

Radio Player <= 2.0.82 - Server-Side Request Forgery

The Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

7.2CVSS7AI score0.05213EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago138 views

WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting

WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...

6.1CVSS6.5AI score0.10358EPSS
Exploits5References5
RedhatCVE
RedhatCVE
added 2026/06/25 11:42 p.m.7 views

CVE-2026-53256

A flaw was found in the Linux kernel's Bluetooth RFCOMM Radio Frequency Communication subsystem. A race condition in the rfcommconnectind function, specifically during the handling of listener sockets, can lead to a use-after-free vulnerability. A local attacker could exploit this to cause a deni...

8CVSS6AI score0.00266EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 2:11 p.m.8 views

EUVD-2026-39417

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

6.9CVSS5.9AI score0.0024EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53256

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcommconnectind th...

8CVSS5.6AI score0.00266EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fixed a deadlock between nfcunregisterdevice and rfkillfopwrite. A deadlock can occur between nfcunregisterdevice and rfkillfopwrite due to the inverted lock order between devicelock and rfkillglobalmutex. The problemat...

5.5CVSS5.5AI score0.00089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51976

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sixpack receive buf function where bytes with TTY error flags are not properly skipped. The function iterates through the flags buffer without advancing the data...

6AI score0.00164EPSS
Exploits0References17
NVD
NVD
added 2026/06/16 8:16 p.m.9 views

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 6:51 p.m.12 views

CVE-2026-0126

In WC-Radio, there is a confirmed vulnerability causing an out-of-bounds write due to a missing bounds check. This can lead to remote code execution with no privileges and no user interaction required. The issue is detailed across multiple feeds (NVD entry CVE-2026-0126, EUVD-2026-, and related O...

9.8CVSS6.2AI score0.00277EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/16 6:51 p.m.25 views

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00277EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/16 7:18 a.m.8 views

wireshark: Buffer Over-read in Wireshark

A flaw was found in the RF4CE Profile dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a buffer over-read, resulting in a denial of service...

7.5CVSS5.4AI score0.00157EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49785

Name of the Vulnerable Software and Affected Versions WC-Radio affected versions not specified Description A missing bounds check in WC-Radio allows for an out-of-bounds write, which is a memory corruption occurance where data is written outside the intended buffer. This can lead to remote code...

9.8CVSS6.5AI score0.00277EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49294

Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action radio on with ia apn function through the ia parameter. Command injection is a flaw that allows an attacker to execute arbitrary operating syst...

9.8CVSS6.2AI score0.01046EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 8:16 p.m.15 views

CVE-2026-50552

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

6.3CVSS0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:51 p.m.34 views

CVE-2026-50552 Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

6.3CVSS0.0016EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:51 p.m.9 views

CVE-2026-50552 Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

6.3CVSS5.4AI score0.0016EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:51 p.m.10 views

EUVD-2026-36546

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

6.3CVSS5.5AI score0.0016EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:51 p.m.23 views

CVE-2026-50552

Koel (open-source music streaming) is affected prior to version 9.7.1 by a Server-Side Request Forgery (SSRF) in the radio station creation endpoint (POST /api/radio/stations). The url validation rules are declared without bail, allowing the HasAudioContentType rule to issue HTTP requests even af...

6.3CVSS5.5AI score0.0016EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48965

Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.7.1 Description An authenticated, non-admin user can cause the server to make HEAD or GET requests to arbitrary internal hosts. This occurs because the validation rules for the url field in the "POST /api/radio/station...

6.3CVSS5.4AI score0.0016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 a.m.9 views

CVE-2026-36792

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
Rows per page
Query Builder