Lucene search
K

2739 matches found

EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43543

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

4.7CVSS6.3AI score
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS0.00516EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42781

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6AI score0.00516EPSS
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2026-54423

OpenStack Ironic (before 37.0.1) is vulnerable: a user capable of deploying nodes via IPMI can abuse the IPMI send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic’s access control. Impact is high (CVE-2026-54423). The root cause is the exposure of IPMI send_raw in deployment ...

8.2CVSS6AI score0.00516EPSS
Exploits0References3
Debian CVE
Debian CVE
added 4 days ago5 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42776

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-54423

A malicious user with access to deploy a node directly via Ironic can specify the IPMI sendraw deployment step with a malicious payload and send commands to that nodes' BMC. IPMI sendraw capability is exposed multiple ways, including via VendorPassthru interfaces restricted to system admin and...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References4
Rockylinux
Rockylinux
added 6 days ago4 views

perl-HTTP-Daemon security update

An update is available for perl-HTTP-Daemon. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The perl-HTTP-Daemon package includes the HTTP::Daemon class, a...

9.1CVSS6.5AI score0.01452EPSS
Exploits0
Rockylinux
Rockylinux
added 6 days ago5 views

perl-HTTP-Daemon security update

An update is available for perl-HTTP-Daemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The perl-HTTP-Daemon package includes the HTTP::Daemon class, a...

9.1CVSS6.5AI score0.01452EPSS
Exploits0
Rockylinux
Rockylinux
added 6 days ago5 views

perl-HTTP-Daemon security update

An update is available for perl-HTTP-Daemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The perl-HTTP-Daemon package includes the HTTP::Daemon class, a...

9.1CVSS6.5AI score0.01452EPSS
Exploits0
Cvelist
Cvelist
added last week26 views

CVE-2026-55490 OpenWrt: EAD Integer Underflow → Pre-Auth Denial of Service

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handlesenda of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows...

6.5CVSS0.00684EPSS
Exploits1References3
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-920 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

Impact When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...

7.6CVSS6AI score0.00641EPSS
Exploits0References7
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.5CVSS0.00428EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:10 a.m.6 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.1AI score0.00428EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 3:16 a.m.5 views

UBUNTU-CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References9
CVE
CVE
added 2026/07/06 2:15 a.m.11 views

CVE-2026-14790

GPAC 26.02.0 is affected in the Media File Handler, specifically the nhmldump_send_frame function in src/filters/write_nhml.c. A manipulation can cause a null pointer dereference, with local access required. An exploit has been published and a patch (bd1d94e70e3bef364c07c5a1d94eca5c9f56e160) is a...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 8:10 p.m.14 views

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:6 p.m.4 views

GHSA-HW9R-H9MR-4JFF OpenClaw: Scoped chat.send route inheritance could bypass admin command scope gates

Summary Some internal command handlers require operator.approvals or operator.admin scopes. In affected releases, a scoped Gateway chat.send request delivered through an inherited external route could be evaluated as an external-channel command while still carrying the lower Gateway client scopes...

8.8CVSS5.8AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 2:13 p.m.4 views

PYSEC-2026-749 Path Traversal in scout-browser

Scout is a Variant Call Format VCF visualization interface. The Pypi package scout-browser is vulnerable to path traversal due to sendfile call in versions prior to 4.52...

6.8CVSS5.9AI score0.01296EPSS
Exploits1References9
Rows per page
Query Builder