Lucene search
K

7126 matches found

Cvelist
Cvelist
added 2026/06/16 10:16 a.m.33 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/16 10:16 a.m.9 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.0031EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/06/16 12:0 a.m.13 views

VulnCheck KEV: CVE-2025-1055

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected ...

5.6CVSS5.3AI score0.00211EPSS
In wildExploits1References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49653

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.0031EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 5:32 p.m.11 views

GHSA-V3WM-QF9P-C549 Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse rejects URLs containing raw Unicode explicit-direction BiDi formatting characters U+202A–U+202E, U+2066–U+2069 as a defense against visual-spoofing of the rendered href. The check covers only the raw UTF-8 forms of thos...

5.4AI score0.00025EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/15 5:32 p.m.8 views

Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse rejects URLs containing raw Unicode explicit-direction BiDi formatting characters U+202A–U+202E, U+2066–U+2069 as a defense against visual-spoofing of the rendered href. The check covers only the raw UTF-8 forms of thos...

5.4AI score0.00025EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48952

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/11 11:39 a.m.9 views

kernel: RDMA/rxe: Fix double free in rxe_srq_from_init

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...

7.8CVSS5.5AI score0.00175EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS5.5AI score0.00327EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.5 views

FreeBSD : FreeBSD-kernel -- ASLR bypass for setuid executables via procctl(2) (7e61007e-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7e61007e-6474-11f1-958d-bc241121aa0a advisory. The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code th...

7.8CVSS5.5AI score0.00106EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 8:9 p.m.12 views

kernel: RDMA/rxe: Fix double free in rxe_srq_from_init

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...

7.8CVSS5.4AI score0.00175EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 6:31 p.m.10 views

EUVD-2026-36068

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS5.4AI score0.00327EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 6:22 p.m.13 views

MAL-2026-5522 Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

5.4AI score
Exploits0References4
Snyk
Snyk
added 2026/06/10 6:20 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Personal space feature. that is selected when no componentId is set. An attacker can read files outside the intended directory by omitting componentId while selecting 'Personal space. Details A Directory...

8.7CVSS6.2AI score0.00327EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 6:20 p.m.10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Personal space feature. that is selected when no componentId is set. An attacker can read files outside the intended directory by omitting componentId while selecting 'Personal space. Details A Directory...

8.7CVSS6.2AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 4:17 p.m.10 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS0.00327EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 12:0 a.m.29 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS0.00327EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 12:0 a.m.25 views

CVE-2026-53698

CVE-2026-53698 affects Silverpeas up to version 6.4.6, where the Personal space feature is mishandled when no componentId is set. The issue is described as a misbehavior in handling Personal space, with a CVSS v3.1 base score of 6.5 (Network attack vector, Low attack complexity, Privileges Requir...

6.5CVSS5.5AI score0.00327EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48472

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS5.4AI score0.00327EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/10 12:0 a.m.7 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS5.4AI score0.00327EPSS
Exploits0References4
Rows per page
Query Builder