Lucene search
+L

1199 matches found

OSV
OSV
added 2026/05/28 10:16 a.m.9 views

UBUNTU-CVE-2026-46208

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

7.8CVSS5.7AI score0.00138EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/28 9:40 a.m.39 views

CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

7.8CVSS0.00138EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.10 views

CVE-2026-46208

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

7.8CVSS5.7AI score0.00138EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/05/28 9:40 a.m.14 views

EUVD-2026-32835

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

5.8AI score0.00138EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 9:40 a.m.29 views

CVE-2026-46208

In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/05/28 9:40 a.m.12 views

EUVD-2026-32833

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...

5.8AI score0.00139EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 9:40 a.m.5 views

CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References11
NVD
NVD
added 2026/05/28 8:16 a.m.28 views

CVE-2026-7621

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS0.0025EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.9 views

CVE-2026-7621 SMTP2GO for WordPress <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/28 6:45 a.m.37 views

CVE-2026-7621 SMTP2GO for WordPress <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS0.0025EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

WordPress plugin SMTP2GO for WordPress – Email Made Easy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44202

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.32 views

PT-2026-44331

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, TP meter sessions remain linked on bat priv-tp list after a netlink request finishes. When the mesh interface is removed, the batadv mesh free function tears do...

9.8CVSS6AI score0.00501EPSS
Exploits5References294
OSV
OSV
added 2026/05/22 1:6 p.m.9 views

CLSA-2026-1779455173 Fix CVE(s): CVE-2026-43618

SECURITY UPDATE: integer overflow in compressed-token decoder allows memory disclosure to a malicious sender - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and add overflow checks in recvcompressedtokennum/run; add CHUNKSIZE bound check in simplerecvtoken; initialize data=NUL...

8.1CVSS5.9AI score0.0078EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Thunderbird

When displaying the sender of an email, if the sender’s name contained multiple Braille space characters, Thunderbird would display all those spaces. This could be exploited by an attacker to send an email message with the attacker’s digital signature, where the signature was displayed along with...

6.5CVSS6.8AI score0.0038EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Thunderbird

Thunderbird parses addresses in a way that can allow sender spoofing in cases where the server allows an invalid From address to be used. For example, if the From header contains an invalid value like “Spoofed Name”, Thunderbird will treat “[email protected]” as the actual address. This...

7.5CVSS6.9AI score0.00333EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fixed use-after-free and list corruption on sender errors. The analysis from Breno indicates that when the SMI sender returns an error, the smiwork function delivers an error response but then jumps back to restart without...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in exim4

Exim before version 4.95 has a heap-based buffer overflow for the alias list in hostnamelookup in host.c when senderhostname is set...

9.8CVSS8.6AI score0.02935EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed a heap-based buffer overflow in the queuerun function, through two sender options: -R and -S. This could lead to privilege escalation from the exim user to the root user...

7.8CVSS6.9AI score0.00393EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/19 4:43 a.m.14 views

EUVD-2026-30835

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder