Lucene search
K

121895 matches found

Cvelist
Cvelist
added 2026/06/03 3:49 p.m.37 views

CVE-2026-46247 clk: qcom: gfx3d: add parent to parent request map

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 "clk: divider: remove roundrate in favor of determinerate" determining GFX3D clock rate crashes, because the passed parent map doesn't provide the...

0.00123EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/03 3:49 p.m.10 views

EUVD-2026-34108

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916lbc: Fix use-after-free for extcon in IRQ handler Using the devm variant for requesting IRQ before the devm variant for allocating/registering the extcon handle, means that the extcon handle will be...

5.8AI score0.00125EPSS
Exploits0References4
NVD
NVD
added 2026/06/03 2:16 p.m.13 views

CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS0.00172EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/03 1:17 p.m.9 views

CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.8AI score0.00172EPSS
Exploits0
NVD
NVD
added 2026/06/03 6:16 a.m.15 views

CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS0.00349EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/03 5:10 a.m.13 views

WordPress Plugin "Zoho Mail for WordPress" vulnerable to cross-site request forgery

Overview WordPress Plugin "Zoho Mail for WordPress" provided by Zoho Corporation contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2026-8174 Norio Abe reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.7CVSS5.4AI score0.00371EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:56 a.m.12 views

CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2026/06/03 3:56 a.m.39 views

CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 3:56 a.m.7 views

CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 3:56 a.m.13 views

EUVD-2026-34066

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 3:56 a.m.115 views

CVE-2026-50052

Affected products/versions: Vinyl Cache < 9.0.1 and Varnish Cache

2.3CVSS5.8AI score0.00349EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/03 1:15 a.m.8 views

CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

3.1CVSS4.4AI score0.00287EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/03 12:30 a.m.9 views

CVE-2026-10703 EIPStackGroup OpENer SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...

6.5CVSS6.1AI score0.00243EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.38 views

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.19 views

CVE-2026-36576

The vulnerability CVE-2026-36576 affects the openlabs docker-wkhtmltopdf-aas project, specifically the app.py component, with evidence across NVD and related feeds. Up to commit 9f50579, an OS command injection allows an attacker to execute arbitrary commands via a crafted POST request. The CVSS ...

9.8CVSS6AI score0.01491EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.14 views

PT-2026-46046

Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.3.0 through 4.10.x Description A type confusion occurs in OP-TEE OS when processing an 'FFA MEM SHARE' request from the normal world. This issue specifically affects configurations where OP-TEE is set as a Secure Partition...

5.5CVSS5.8AI score0.00155EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.7 views

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

7.3CVSS5.9AI score0.00231EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.12 views

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

9.8CVSS6AI score0.01491EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.7 views

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.6 and 5.2.15 contained security vulnerabilities. These...

4.3CVSS5.4AI score0.00245EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-45882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: pm8916bmsvm: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registerin...

7.8CVSS7AI score0.00159EPSS
Exploits0References2
Rows per page
Query Builder