Lucene search
K

207 matches found

EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42722

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score0.00928EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 8:16 a.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the process of reusing a handle for sequential transfers with environment-variable proxy configuration. An attacker can cause sensitive authentication headers to be sent to an...

9.1CVSS6AI score0.00752EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:16 a.m.8 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.9AI score0.00752EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/03 6:16 a.m.8 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00752EPSS
Exploits1References3
OSV
OSV
added 2026/06/29 5:19 p.m.4 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 5:19 p.m.15 views

CVE-2026-57949

ruoyi-vue-pro (through 2026.05) contains a missing authorization vulnerability in the CRM module’s GET /admin-api/crm/follow-up-record/get endpoint. The issue allows an authenticated user to read any follow-up record by iterating sequential numeric IDs, exfiltrating follow-up notes, file attachme...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.54 views

CVE-2026-41992 Global Buffer Overflow in GNU gzip

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9CVSS0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:6 p.m.1 views

CVE-2026-56770 libais 0.15 - Out-of-bounds Vector Access in VdmStream::AddLine via Invalid Sequential Message ID

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

8.7CVSS6AI score0.00339EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/24 8:44 p.m.7 views

CVE-2026-52928

A flaw was found in the Linux kernel's afunix component. This vulnerability involves the incorrect handling of the SIOCATMARK operation when used with non-stream sockets, such as SOCKDGRAM and SOCKSEQPACKET. These socket types did not properly reject SIOCATMARK, an operation intended only for...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00752EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.35 views

CVE-2026-9612 WhatsOrder <= 1.0.1 - Unauthenticated Sensitive Information Exposure via Predictable Invoice File URLs

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

5.3CVSS0.00308EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51750

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When reusing a handle for sequential transfers driven by environment-variable proxy configuration, the software fails to clear the proxy authentication state between requests. If an initial...

9.8CVSS5.8AI score0.0108EPSS
Exploits6References48
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51696

Name of the Vulnerable Software and Affected Versions WhatsOrder – Instant Checkout for WooCommerce versions prior to 1.0.2 Description The plugin is susceptible to sensitive information exposure through the yapacdev generate order pdf function. Unauthenticated attackers can extract personally...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/12 6:21 p.m.12 views

EUVD-2026-36533

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS5.3AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:17 p.m.32 views

CVE-2026-42932 Naxclow IoT Platform Generation of Predictable Numbers or Identifiers

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:17 p.m.12 views

EUVD-2026-36532

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48952

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.10 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

7.5CVSS6.1AI score0.00791EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/30 5:33 a.m.42 views

CVE-2026-6869 Improperly Controlled Sequential Memory Allocation in Wireshark

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS0.00125EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 5:33 a.m.3 views

CVE-2026-6867 Improperly Controlled Sequential Memory Allocation in Wireshark

SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS6.1AI score0.00124EPSS
Exploits1References4
Rows per page
Query Builder