Lucene search
+L

9330 matches found

Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-57709

Name of the Vulnerable Software and Affected Versions Real Estate Manager Pro versions prior to 12.8.4 Description Improper neutralization of input during web page generation allows for Reflected Cross-site Scripting XSS, a flaw where an application includes untrusted data in a web page without...

7.1CVSS6.2AI score0.0018EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/12 1:12 a.m.9 views

[SECURITY] Fedora 44 Update: python-tornado-6.5.7-1.fc44

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

8.7CVSS6.7AI score0.00375EPSS
Exploits0
Fedora
Fedora
added 2026/07/12 1:0 a.m.6 views

[SECURITY] Fedora 43 Update: python-tornado-6.5.7-1.fc43

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

8.7CVSS6.7AI score0.00375EPSS
Exploits0
OSV
OSV
added 2026/07/11 6:44 a.m.5 views

SUSE-SU-2026:2862-1 Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.54 fixes various security issues The following security issues were fixed: - CVE-2026-43501: ipv6: rpl: reserve maclen headroom when recompressed SRH grows bsc1266015. - CVE-2026-45970: bonding: alb: fix UAF in rlbarprecv during bond...

9.8CVSS6.1AI score0.00475EPSS
Exploits5References19
Rockylinux
Rockylinux
added 2026/07/11 6:0 a.m.5 views

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

8.8CVSS6.1AI score0.00352EPSS
Exploits0
OSV
OSV
added 2026/07/11 6:0 a.m.4 views

RLSA-2026:36365 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: fs/smb/client: fix out-of-bounds read in cifssanitizeprepath CVE-2026-43112 For more details about the security issues, including...

8.1CVSS6.7AI score0.00352EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/11 12:0 a.m.14 views

RockyLinux 8 : kernel-rt (RLSA-2026:36365)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:36365 advisory. kernel: fs/smb/client: fix out-of-bounds read in cifssanitizeprepath CVE-2026-43112 Tenable has extracted the preceding description block directly from the...

8.8CVSS6.8AI score0.00352EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2026/07/10 12:0 a.m.6 views

Unbreakable Enterprise kernel security update

5.15.0-322.203.3.3 - locking/rtmutex: Skip removewaiter when waiter is not enqueued Davidlohr Bueso Orabug: 39706512 - rtmutex: Use waiter::task instead of current in removewaiter Keenan Dong Orabug: 39706512 CVE-2026-43499 5.15.0-322.203.3.2 - KVM: x86/mmu: Ensure hugepage is in by slot before...

7.8CVSS7AI score0.00125EPSS
Exploits28
Cvelist
Cvelist
added 2026/07/09 6:36 p.m.41 views

CVE-2026-54003 Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS0.00545EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/09 6:31 p.m.5 views

EUVD-2026-42649

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

7.5CVSS6AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 6:31 p.m.7 views

EUVD-2026-42647

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...

7.5CVSS6.3AI score0.0041EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 6:31 p.m.9 views

EUVD-2026-42643

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

7.5CVSS6AI score0.00404EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 6:31 p.m.8 views

EUVD-2026-42646

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

7.5CVSS6.4AI score0.00411EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 6:31 p.m.9 views

EUVD-2026-42645

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

7.5CVSS6.4AI score0.00402EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 5:17 p.m.9 views

CVE-2026-59219

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS0.00259EPSS
Exploits1References3
NVD
NVD
added 2026/07/09 5:17 p.m.11 views

CVE-2026-51603

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a...

7.5CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 5:16 p.m.9 views

CVE-2026-51601

Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...

7.5CVSS0.0041EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 5:16 p.m.14 views

CVE-2026-51599

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

9.8CVSS0.00433EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 4:43 p.m.32 views

CVE-2026-59219 Open WebUI: Realtime endpoints accept Redis-revoked JWTs after signout/backchannel logout

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS0.00259EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 4:43 p.m.9 views

CVE-2026-59219

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decodetoken without the Redis-backed...

7.1CVSS5.9AI score0.00259EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder