Lucene search
K

1888 matches found

EUVD
EUVD
added 2026/04/30 12:0 a.m.6 views

EUVD-2026-26386

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

8.8CVSS5.4AI score0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

5.4AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 12:0 a.m.11 views

CVE-2026-36958

CVE-2026-36958 affects the U-SPEED N300 router (firmware V1.0.0). The embedded Boa HTTP server is vulnerable to a denial-of-service when a large number of concurrent HTTP requests target random/non-existent web-management endpoints, exhausting resources and rendering the web interface unresponsiv...

7.5CVSS5.4AI score0.00323EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

U-SPEED N300 资源管理错误漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a resource management vulnerability. This vulnerability stems from a denial-of-service attack on the embedded Boa HTTP server. It is possible for attackers to exhaust system resources...

7.5CVSS5.8AI score0.00323EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

5.3AI score0.00323EPSS
Exploits2References2
CVE
CVE
added 2026/04/30 12:0 a.m.8 views

CVE-2026-36960

CVE-2026-36960 describes a CSRF flaw in the web management interface of the U-SPEED N300 Router V1.0.0. The device lacks anti-CSRF tokens and strict Origin/Referer checks for administrative endpoints, enabling a crafted page to trigger forged requests when an authenticated administrator visits it...

8.8CVSS5.4AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

U-SPEED N300 跨站请求伪造漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a cross-site request forgery vulnerability. This vulnerability stems from the lack of a mechanism to protect against cross-site request forgery in the web management interface. This...

8.8CVSS5.7AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.8 views

PT-2026-36104

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

7.5CVSS5.3AI score0.00323EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.6 views

CVE-2026-36959

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...

7.5CVSS5.2AI score0.00349EPSS
Exploits1References3
hivepro
hivepro
added 2026/04/29 11:36 p.m.11 views

Security Tool Consolidation

The average enterprise security team manages 10 to 15 separate security tools. Each one generates its own alerts, requires its own maintenance, and delivers findings in its own format. The result? Fragmented visibility, duplicated costs, and a team that spends more time switching between dashboar...

5.6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/29 8:33 p.m.82 views

Exploit for CVE-2026-36958

CVE-2026-36958: Denial of Service via Concurrent HTTP Requests...

5.5AI score0.00323EPSS
Exploits2
Patchstack
Patchstack
added 2026/04/29 9:59 a.m.7 views

WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Meteor Page Speed Optimization Topping versions = 3.4.16...

6.1CVSS5.1AI score0.00215EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.9 views

PT-2026-35910

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend rewrite' function's 'WPMETEORNWPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping...

6.1CVSS5.5AI score0.00215EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/04/23 8:7 a.m.6 views

net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

...

7.8CVSS5.2AI score0.00126EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/22 5:0 p.m.10 views

AI-powered defense for an AI-accelerated threat landscape

We are at an inflection point in cybersecurity. Recent advances in AI model capabilities are changing how vulnerabilities are discovered and exploited. AI models can autonomously discover weaknesses, chain multiple lower-severity issues into working end-to-end exploits, and produce working...

5.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/15 4:0 p.m.5 views

Incident response for AI: Same fire, different fuel

In this article 1. The fundamentals still hold 2. Where AI changes the equation 3. Closing the gaps in telemetry, tooling, and response 4. The human dimension 5. Looking ahead When a traditional security incident hits, responders replay what happened. They trace a known code path, find the defect...

5.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/04/10 7:11 p.m.9 views

Metasploit Wrap-Up 04/10/2026

Speedup Improvements of MSFVenom & New Modules This week, we have added new modules to Metasploit Framework targeting Cisco Catalyst SD-WAN controllers and osTicket as well as updates and improvements to Windows service-for-user persistence, and LDAP/ADCS-related modules to automatically report...

10CVSS7.6AI score0.73125EPSS
Exploits13
NVD
NVD
added 2026/04/10 2:16 a.m.4 views

CVE-2026-1924

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the ahscajaxresetoptions function. This makes it possible for unauthenticated attackers to reset all plugin settings t...

4.3CVSS0.00181EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/08 5:0 a.m.5 views

CVE-2026-5692

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and cou...

7.5CVSS6.8AI score0.01429EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 12:30 a.m.4 views

EUVD-2026-19557

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and cou...

7.5CVSS6.7AI score0.01429EPSS
Exploits0References6
Rows per page
Query Builder