Lucene search
+L

494 matches found

attackerkb
attackerkb
added yesterday7 views

CVE-2026-59236

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS6.1AI score
Exploits0References4Affected Software1
euvd
euvd
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40417

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS5.7AI score0.00374EPSS
Exploits0References4
osv
osv
added 2026/06/30 10:16 p.m.4 views

DEBIAN-CVE-2026-52868

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS5.8AI score0.00374EPSS
Exploits0References1
nessus
nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-56117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows loc...

5.7CVSS6.2AI score0.00093EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/24 1:56 a.m.10 views

CVE-2026-56117

A flaw was found in dhcpcd. A heap use-after-free vulnerability in the control socket handling allows a local unprivileged attacker to trigger memory corruption. This occurs when privilege separation is disabled, enabling the attacker to send a privileged command to the control socket. Successful...

5.7CVSS5.8AI score0.00093EPSS
Exploits0References5
nvd
nvd
added 2026/06/23 5:17 p.m.9 views

CVE-2026-56117

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS0.00093EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/23 4:14 p.m.5 views

CVE-2026-56117

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS5.9AI score0.00093EPSS
Exploits0References3
cve
cve
added 2026/06/23 4:14 p.m.38 views

CVE-2026-56117

CVE-2026-56117: dhcpcd up to version 10.3.2 contains a local heap use-after-free in the control socket handling (src/control.c). The root cause is that control_recvdata() can free the client object while a subsequent READ+HANGUP event reaches control_hangup() with a stale pointer, enabling memory...

5.7CVSS5.9AI score0.00093EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/23 4:14 p.m.4 views

CVE-2026-56117 dhcpcd Heap Use-After-Free via Control Socket Handling

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS6AI score0.00093EPSS
Exploits0References5
euvd
euvd
added 2026/06/23 4:14 p.m.8 views

EUVD-2026-38498

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS5.9AI score0.00093EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/23 4:14 p.m.40 views

CVE-2026-56117 dhcpcd Heap Use-After-Free via Control Socket Handling

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS0.00093EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/06/23 4:14 p.m.16 views

CVE-2026-56117

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS5.8AI score0.00093EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/23 12:0 a.m.24 views

PT-2026-51566

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A heap use-after-free issue exists in the control socket handling within src/control.c. This occurs when privilege separation is disabled or initialization fails, leaving the control socket in mode...

5.7CVSS5.8AI score0.00093EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/11 2:59 a.m.12 views

CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/10 8:21 p.m.11 views

CVE-2026-46705

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.4AI score0.00218EPSS
Exploits0
cve
cve
added 2026/06/10 6:32 p.m.28 views

CVE-2026-50638

CVE-2026-50638 affects Metrics::Any::Adapter::DogStatsd (Perl) versions before 0.04. The issue arises because the DogStatsd adapter does not validate newline or statsd control characters in tags, enabling potential metric injections when multiple metrics are sent per UDP/TCP packet. The vulnerabi...

9.1CVSS5.8AI score0.00343EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.22 views

Russh 授权问题漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an authorization vulnerability. This vulnerability stemmed from the server authentication path not separating the internal authentication state whe...

5.3CVSS5.3AI score0.00218EPSS
Exploits0References1
osv
osv
added 2026/06/09 11:17 p.m.7 views

UBUNTU-CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.21 views

PT-2026-48300

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description An authenticated user can cause a server crash or the return of incorrect results by creating documents that interfere with internal metadata processing during query execution. This issue is...

7.1CVSS5.5AI score0.00368EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the process of virtual device separation in genpd, and it may lead to null pointer dereferencing...

5.5CVSS5.3AI score0.00123EPSS
Exploits0References2
Rows per page
Query Builder