Lucene search
K

105079 matches found

RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-60001

A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...

6.5CVSS6AI score0.00265EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-59999

A flaw was found in sshd, the OpenSSH server daemon. When DisableForwarding=yes is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over PermitTunnel=yes. This allows a remote attacker to bypass intended security restrictions and establish a tunnel,...

7.5CVSS6AI score0.0014EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-55514

A flaw was found in vLLM, a library for Large Language Model LLM inference and serving. A remote attacker, authorized to make a /v1/completions request, can send a specially crafted prompt embeds payload. This action causes the EngineCore to fail an assertion and fatally crash, leading to a Denia...

7.1CVSS5.9AI score0.0037EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 6 days ago4 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8CVSS6.8AI score0.0049EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago8 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8CVSS6.6AI score0.0049EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56649

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description Insufficient policy enforcement in the Navigation component allows a remote attacker to bypass site isolation by using a crafted HTML page. Site isolation is a security feature that...

9.6CVSS6.1AI score0.0027EPSS
Exploits0References34
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56630

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue exists in Views, which can lead to heap corruption. A remote attacker can exploit this by convincing a user to perform specific UI gestures while visiting a...

9.6CVSS6AI score0.00306EPSS
Exploits0References37
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56633

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An out-of-bounds read and write issue exists within the Codecs component. This flaw allows a remote attacker to potentially trigger heap corruption, which occurs when a program writes...

9.6CVSS6AI score0.0027EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56638

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A race condition in the GetUserMedia function allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered via a...

8.8CVSS6AI score0.0026EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-56636

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in the Payments component allows a remote attacker to potentially exploit heap corruption. This occurs when a user is convinced to perform specific UI gestures...

8.8CVSS6.2AI score0.0026EPSS
Exploits0References37
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56642

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An inappropriate implementation in the Document Object Model DOM, which is the programming interface for HTML and XML documents, allows a remote attacker to potentially cause heap...

8.8CVSS6AI score0.0026EPSS
Exploits0References38
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56639

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in the Core component on Windows allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is...

8.8CVSS6AI score0.0026EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56646

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An inappropriate implementation in WebGL allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that allows scripts to be executed across...

9.6CVSS6.2AI score0.0027EPSS
Exploits0References34
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56650

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An inappropriate implementation in the Navigation component allows a remote attacker to bypass site isolation by using a crafted HTML page. Site isolation is a security feature that...

9.6CVSS6.1AI score0.0027EPSS
Exploits0References35
CVE
CVE
added 6 days ago7 views

CVE-2026-24697

Summary: CVE-2026-24697 is an OS command injection in the rc binary's start_bonjour() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The issue stems from improper sanitization of the wan_hostname configuration parameter, potentially allowing an authenticated re...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago6 views

CVE-2026-24700

Cisco CVE-2026-24700 affects the RC binary’s start_lltd() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The machine_name parameter is not properly sanitized, enabling OS command injection by an authenticated remote attacker with root privileges. Documented imp...

7.2CVSS6.2AI score0.0128EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-24699

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

0.00957EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-24698

CVE-2026-24698 concerns an OS command injection in the Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8) devices. The vulnerability exists in the save_syslog_to_file() function of the Cisco httpd binary, where the model_name configuration parameter is not properly san...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added last week5 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added last week5 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.4AI score0.0032EPSS
Exploits0References5
Rows per page
Query Builder