105079 matches found
CVE-2026-60001
A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...
CVE-2026-59999
A flaw was found in sshd, the OpenSSH server daemon. When DisableForwarding=yes is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over PermitTunnel=yes. This allows a remote attacker to bypass intended security restrictions and establish a tunnel,...
CVE-2026-55514
A flaw was found in vLLM, a library for Large Language Model LLM inference and serving. A remote attacker, authorized to make a /v1/completions request, can send a specially crafted prompt embeds payload. This action causes the EngineCore to fail an assertion and fatally crash, leading to a Denia...
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...
PT-2026-56649
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description Insufficient policy enforcement in the Navigation component allows a remote attacker to bypass site isolation by using a crafted HTML page. Site isolation is a security feature that...
PT-2026-56630
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists in Views, which can lead to heap corruption. A remote attacker can exploit this by convincing a user to perform specific UI gestures while visiting a...
PT-2026-56633
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An out-of-bounds read and write issue exists within the Codecs component. This flaw allows a remote attacker to potentially trigger heap corruption, which occurs when a program writes...
PT-2026-56638
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A race condition in the GetUserMedia function allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered via a...
PT-2026-56636
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in the Payments component allows a remote attacker to potentially exploit heap corruption. This occurs when a user is convinced to perform specific UI gestures...
PT-2026-56642
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An inappropriate implementation in the Document Object Model DOM, which is the programming interface for HTML and XML documents, allows a remote attacker to potentially cause heap...
PT-2026-56639
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in the Core component on Windows allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is...
PT-2026-56646
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An inappropriate implementation in WebGL allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that allows scripts to be executed across...
PT-2026-56650
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An inappropriate implementation in the Navigation component allows a remote attacker to bypass site isolation by using a crafted HTML page. Site isolation is a security feature that...
CVE-2026-24697
Summary: CVE-2026-24697 is an OS command injection in the rc binary's start_bonjour() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The issue stems from improper sanitization of the wan_hostname configuration parameter, potentially allowing an authenticated re...
CVE-2026-24700
Cisco CVE-2026-24700 affects the RC binary’s start_lltd() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The machine_name parameter is not properly sanitized, enabling OS command injection by an authenticated remote attacker with root privileges. Documented imp...
CVE-2026-24699
An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...
CVE-2026-24698
CVE-2026-24698 concerns an OS command injection in the Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8) devices. The vulnerability exists in the save_syslog_to_file() function of the Cisco httpd binary, where the model_name configuration parameter is not properly san...
CVE-2026-58471
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...
python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...