Lucene search
K

3274 matches found

RedHat Linux
RedHat Linux
added 2026/05/27 9:42 p.m.15 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/26 6:45 a.m.11 views

EUVD-2026-31799

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 6:45 a.m.23 views

CVE-2026-8046

CVE-2026-8046 affects CODESYS Control: an authenticated, low-privileged remote user can trigger improper authorization to delete user accounts, including higher-privilege accounts. The issue is caused by insufficient authorization checks when deleting users, leading to potential impact on integri...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43198

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.37 views

VulnCheck KEV: CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS5.8AI score0.01157EPSS
In wildExploits3References3
Github Security Blog
Github Security Blog
added 2026/05/12 10:23 p.m.31 views

SillyTavern has Authentication Bypass via SSO Header Injection

Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.10 views

SUSE CVE-2026-8015

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References3
NVD
NVD
added 2026/05/04 3:16 p.m.11 views

CVE-2026-33007

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.3CVSS0.00514EPSS
Exploits0References2
NVD
NVD
added 2026/04/24 12:17 p.m.3 views

CVE-2026-6043

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS0.00457EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/24 11:2 a.m.29 views

CVE-2026-6043 Insecure Default Configuration in P4 Server

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS0.00457EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/07 12:30 a.m.20 views

EUVD-2026-19549

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

8.8CVSS5.9AI score0.00841EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/06 9:28 p.m.16 views

CVE-2026-5708 Improper Control of User-Modifiable Attributes in RES CreateSession API

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

8.8CVSS0.00841EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.3 views

CVE-2026-28858

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory...

9.8CVSS6AI score0.00534EPSS
Exploits1References1
NVD
NVD
added 2026/03/25 1:17 a.m.10 views

CVE-2026-28858

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory...

9.8CVSS0.00534EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/25 12:32 a.m.8 views

EUVD-2026-15131

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory...

9.8CVSS6.1AI score0.00534EPSS
Exploits1References1
CVE
CVE
added 2026/03/25 12:32 a.m.20 views

CVE-2026-28858

CVE-2026-28858 affects Apple iOS/iPadOS kernels: a buffer overflow caused by insufficient bounds checking in input processing can lead to kernel memory corruption and potential remote code execution. The issue is fixed in iOS 26.4 / iPadOS 26.4; update to apply the mitigation. Reported vectors ar...

9.8CVSS6.1AI score0.00534EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.12 views

PT-2026-27582

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory...

6.1AI score0.00534EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/20 4:21 p.m.5 views

CVE-2026-22901 QuNetSwitch

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...

8.7CVSS6.1AI score0.00949EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 9:30 a.m.4 views

EUVD-2026-12785

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

6.5CVSS6AI score0.00378EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 7:33 a.m.8 views

CVE-2026-22316

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

6.5CVSS6AI score0.00378EPSS
Exploits0References2
Rows per page
Query Builder