Lucene search
K

1541 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55308

Name of the Vulnerable Software and Affected Versions UTT nv518G nv518GV3 version 3.2.7-210919-161313 Description A remote attacker can cause a denial of service through the gohead/sub 445C5C component. Recommendations At the moment, there is no information about a newer version that contains a f...

7.5CVSS6AI score0.00409EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.36 views

CVE-2026-52189

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub487330 component...

0.00452EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:0 a.m.9 views

CVE-2026-52189

CVE-2026-52189 describes a buffer overflow in the UTT nv518G nv518GV3v3.2.7-210919-161313 stack/heap handling within the gohead/sub_487330 component. The issue allows a remote attacker to trigger a denial of service. Documented details are limited to the affected product/version and component nam...

7.5CVSS5.8AI score0.00452EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40864

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub447CAC component...

7.5CVSS5.8AI score0.00423EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54791

Name of the Vulnerable Software and Affected Versions UTT nv518G nv518GV3 version 3.2.7-210919-161313 Description A SQL Injection flaw exists in the gohead/sub 463bbc component, which allows a remote attacker to execute arbitrary code. SQL Injection is a type of vulnerability that occurs when an...

9.8CVSS6.3AI score0.00527EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 12:0 a.m.13 views

CVE-2026-52190

CVE-2026-52190 affects UTT nv518G nv518GV3, version 3.2.7-210919-161313. A buffer overflow in the gohead/sub_448384 component allows a remote attacker to cause a denial of service. Marketed metrics indicate a CVSSv3.1 base score of 7.5 (HIGH) with network attack vector, no privileges required, no...

7.5CVSS5.8AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.18 views

CVE-2026-52186

CVE-2026-52186 describes a SQL injection in UTT nv518G nv518GV3v3.2.7-210919-161313, via the gohead/sub_463bbc component. The vulnerability is exploitable remotely over the network with no user interaction (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and could lead to arbitrary code execution...

9.8CVSS6.2AI score0.00527EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-54002

Name of the Vulnerable Software and Affected Versions UTT nv518G nv518GV3 version 3.2.7-210919-161313 Description A buffer overflow occurs in the gohead/sub 416f28 component, which allows a remote attacker to trigger a denial of service. A buffer overflow is a condition where a program writes mor...

7.5CVSS6.2AI score0.00452EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 5:30 a.m.37 views

CVE-2026-13539 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1V240425. The impacted element is the function sub407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guestssid leads to stack-based buffer overflow. The attack can be execut...

9CVSS0.00466EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: The reference count of the device should always be dropped in ibdelsubdeviceandput. Since nldevdeldev introduced in commit 060c642b2ab8 “RDMA/nldev: Add support for adding/deleting a sub IB device through netlink” grab...

7.8CVSS6AI score0.00119EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Avoid creating sub-groups asynchronously Asynchronous creation of sub-groups by a delayed operation could lead to a NULL pointer dereference when the driver directory is removed before the operation completes. The...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: media: v4l2-async: Fixed error handling after finding a match. Once an async connection is found to match an fwnode, a sub-device may be registered if it wasn’t already. Its binding operation is performed, auxiliary links are...

5.5CVSS6AI score0.00127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecishtp: Fixed a UAF issue after unbinding the driver. After unbinding the driver, another kthread named crosecconsolelogwork still accesses the device, resulting in a UAF and system crash. The driver does no...

5.9AI score0.00173EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: It is required that 3 sub-authorities are present before reading subauth2. The function parsedacl compares each ACE SID against sidunixNFSmode. When a match is found, sid.subauth2 is read as the file mode. If sidunixNFSmod...

8.6CVSS5.7AI score0.00366EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 12:40 p.m.6 views

BIT-PARSE-2026-50008 Parse Server: Server option routeAllowList is bypassable through batch sub-requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1, the routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as Express...

6.9CVSS5.3AI score0.00342EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 11:48 a.m.5 views

BIT-MONGODB-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS5.4AI score0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:22 p.m.11 views

CVE-2026-50008 Parse Server: Server option routeAllowList is bypassable through batch sub-requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, the routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as...

6.9CVSS5.3AI score0.00342EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:0 a.m.75 views

CVE-2026-9269

The CVE pertains to the WordPress plugin “Secure Copy Content Protection and Content Locking” prior to version 5.1.5, which fails to sanitize and escape certain settings. This enables Stored XSS for high-privilege users (e.g., admin), even when unfiltered_html is disallowed (such as in multisite ...

3.5CVSS5.2AI score0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 6:0 a.m.10 views

CVE-2026-9269 Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

5.2AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-49 and 7.1.2-24 contained security vulnerabilities. These vulnerabilities stemmed from the...

4.7CVSS5.3AI score0.00092EPSS
Exploits0References1
Rows per page
Query Builder