Lucene search
K

1895 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-8247

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1 up to and...

7.7CVSS6AI score0.00201EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago5 views

next.js: Next.js: Unauthorized access to protected content via middleware bypass

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5CVSS5.9AI score0.01416EPSS
Exploits0References5
NVD
NVD
added last week7 views

CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
Cvelist
Cvelist
added last week32 views

CVE-2026-13207 Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
CVE
CVE
added last week17 views

CVE-2026-13207

The CVE refers to FUXA prior to 1.3.2 with an authentication bypass in the REST API caused by improper normalization of dot-segments in the router. Prefixing paths with dot-segments (e.g., /api/./users, /api/./roles, /api/project/../users) can bypass authentication and expose protected data such ...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-9263

The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...

8.1CVSS0.00172EPSS
Exploits1References2
CVE
CVE
added 2026/06/30 4:1 p.m.14 views

CVE-2026-9263

The CVE-2026-9263 issue affects Zephyr’s ISO Adaptation Layer (ISOAL) in the Bluetooth controller. The root cause is that framed ISO PDU start segments (sc=0) with len len - 3 to underflow when len is 0–2. This produced an oversized length (up to 253–255) that was passed to isoal_rx_append_to_sdu...

8.1CVSS6AI score0.00172EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53986

Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.3.2 Description An authentication bypass exists in the REST API due to improper dot-segment path normalization. The API router does not normalize dot-segment sequences before the authentication middleware is applied...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 11:0 p.m.37 views

CVE-2026-13513 MyScale MyScaleDB SegmentId.h getCacheKey data authenticity

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...

5CVSS0.00133EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.8 views

SUSE CVE-2026-53288

In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of data, end segment may overflow into the next page of initpgend1 which is the gap page before earlyinitstack2: 1 crasharm64v9.0.1 vtop ffffffed00601000 VIRTUA...

5.9AI score0.00168EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 11:32 p.m.4 views

GHSA-2FP4-5V5C-4448 gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists

Summary The maintainer's recent fix in 6dd71e6a3c966867ef8c900d359a7df75789f410 fixsubsonic: enforce playlist ownership on getPlaylist/deletePlaylist added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controlled...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References5
CVE
CVE
added 2026/06/26 7:40 p.m.14 views

CVE-2026-53288

CVE-2026-53288 affects the Linux kernel on arm64 and concerns the early kernel mapping. The issue arises where the final part of the [data, end) segment could overflow into the next page of init_pg_end, just before early_init_stack, when using 4K pages and 2MB block entries. This creates an addit...

5.9AI score0.00168EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/64s/slb: Fixed the issue where multiple hits occurred during SLB preloading. On systems that use the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NTFS3 file system where the attr data get block locked function fails to load runs for vcn0 when it resides in a different attribute segment than vcn. This occurs...

6AI score0.00155EPSS
Exploits0References11
OSV
OSV
added 2026/06/23 5:9 p.m.3 views

GHSA-89MR-XQFV-758M Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...

9CVSS6.2AI score0.00474EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:9 p.m.9 views

Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...

9CVSS6.2AI score0.00474EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/23 12:59 p.m.6 views

JLSEC-2026-612 Path traversal in the HTTP.jl static file server via separator/absolute path segments

Description The static file server decoded the request path, split it on /, and rejected only segments exactly equal to . or ... Because URL-decoding ran before the / split, an encoded backslash %5c, a Windows drive specifier C:..., or a UNC prefix \host\share survived inside a single segment and...

6AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in open-iscsi

A issue was discovered in Contiki through version 3.0. An integer overflow exists in the uIP TCP/IP stack component when parsing TCP MSS options for IPv4 network packets in the uipprocess function in net/ipv4/uip.c...

7.5CVSS7.3AI score0.03912EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Do not use DSISR for SLB faults. Since commit 46ddcb3950a2 “powerpc/mm: Show if a bad page fault on data is read or write”, we use pagefaultiswriteregs-dsisr in badpagefault to determine whether the fault is for a re...

5.5CVSS6.2AI score0.00252EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an integer underflow leading to out-of-bounds read operations in the zgfxdecompresssegment function. In the context of CopyMemory, it’s possible to read dat...

9.1CVSS7AI score0.01432EPSS
Exploits1References2
Rows per page
Query Builder