276021 matches found
CVE-2026-9210 Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...
CVE-2026-0412 Insufficient input validation vulnerability in NETGEAR JR6150 Web UI
Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...
CVE-2026-0412 Insufficient input validation vulnerability in NETGEAR JR6150 Web UI
Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...
NVIDIA GPU Display Driver and vGPU Software Vulnerabilities - Lenovo Support US
No description provided...
ROOT-APP-NPM-CVE-2026-44288 CVE-2026-44288 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
Malicious code in farming-tools-12 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, same aicrypto-xzggg publisher and "Core utilities for blockchain development" description as swap-sdk-87/defi-tools-39. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env +...
EUVD-2026-35368
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...
BELL-CVE-2026-46295 CVE-2026-46295 does not affect BellSoft software
Bulletin has no description...
PT-2026-47857
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...
Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dodelapikey method. The issue results from the lack of proper...
PT-2026-47818
Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description A buffer overflow occurs due to insufficient input validation of buffers. This allows authenticated administrators connected to the local network to make unauthorized modifications to the...
PT-2026-47541
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...
PT-2026-48131
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's...
Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dolistapikeys method. The issue results from the lack of proper...
PT-2026-47982
Name of the Vulnerable Software and Affected Versions Windows SDK affected versions not specified Description A use after free issue allows an authorized attacker to elevate privileges locally, which can affect the system. Use after free is a memory corruption flaw that occurs when an application...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42507)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42507 advisory. - When returning errors, functions in the net/textproto package would include its input as part ...
UBUNTU-CVE-2026-42489
Unknown description...
PT-2026-48161
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf opus parse packet header function media tools/av parsers.c. bThis vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
PT-2026-47819
Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description Insufficient input validation allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality...
Security update for elemental-system-agent (important)
openSUSE security update: security update for elemental-system-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20924-1 Rating: important References: bsc1260277 Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1...