Lucene search
K

5420 matches found

Nuclei
Nuclei
added 9 hours ago41 views

MSNSwitch Firmware MNT.2408 - Authentication Bypass

MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations. id: CVE-2022-32429 info: name:...

9.8CVSS7.4AI score0.75556EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday75 views

Intelbras Switch - Information Disclosure

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. id: CVE-2023-36144 info: name: Intelbras Switch - Information Disclosure author:...

7.5CVSS7AI score0.36507EPSS
Exploits2References4
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15494 AMTT Hotel Broadband Operation System switch_status.php sql injection

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switchstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and...

5.8CVSS0.00202EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43216

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switchstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and...

5.8CVSS6AI score0.00202EPSS
Exploits0References5
CVE
CVE
added 2 days ago14 views

CVE-2026-15494

AMTT Hotel Broadband Operation System 1.0 contains a SQL injection flaw in an unknown function of file manager/network/switch_status.php. Manipulating the argument ID remotely can lead to SQL injection. An exploit has been published and may be used; vendor contact occurred with no response. Docum...

5.8CVSS6AI score0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59227 Open WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-user image-generation permission

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to...

4.3CVSS0.00259EPSS
Exploits1References4
Amazon
Amazon
added 2026/07/07 12:0 a.m.4 views

Low: cifs-utils

Issue Overview: No CVE associated with this advisory Affected Packages: cifs-utils Issue Correction: Run dnf update cifs-utils --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1927 --releasever 2023.12.20260706 to update your system. More information on how to update your syst...

7.8CVSS5.9AI score0.0012EPSS
Exploits0
OSV
OSV
added 2026/07/06 8:48 a.m.7 views

USN-8508-1 linux-nvidia-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - GP...

9.8CVSS6.2AI score0.00817EPSS
Exploits9References85
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.22 views

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50372)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50372 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Rajat Gupta CVE-2026-46331 - eventpoll: fix epremove struct eventpoll / struc...

9.8CVSS7AI score0.96267EPSS
Exploits326References820
NVD
NVD
added 2026/07/03 7:16 a.m.8 views

CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS0.01064EPSS
Exploits1References3
NVD
NVD
added 2026/07/01 2:16 p.m.6 views

CVE-2026-53343

In the Linux kernel, the following vulnerability has been resolved: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 "ARM: 9430/1: entry: Do a dummy read from VMAP shadow" added a dummy read from the KASAN VMAP stack shadow in switchto. The read uses ldr, but the...

0.00161EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 9:24 a.m.2 views

SUSE-SU-2026:2700-1 Security update for cifs-utils

This update for cifs-utils fixes the following issue - CVE-2026-12505: cifs.upcall local privilege escalation via requestkey-controlled namespace switch and NSS loading bsc1267389...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 9:21 a.m.4 views

SUSE-SU-2026:2699-1 Security update for cifs-utils

This update for cifs-utils fixes the following issue - CVE-2026-12505: cifs.upcall local privilege escalation via requestkey-controlled namespace switch and NSS loading bsc1267389...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/29 11:15 p.m.5 views

cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.0012EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 11:19 a.m.9 views

CVE-2026-53323

A flaw was found in the Linux kernel's Distributed Switch Architecture DSA subsystem. Redundant locking operations within the DSA conduit ethtool wrappers can lead to a deadlock. A local attacker can exploit this by using the ethtool -i command, causing the system to become unresponsive and...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

DEBIAN-CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS5.7AI score0.0009EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS5.7AI score0.0009EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:41 p.m.8 views

CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.8AI score0.0009EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/26 7:41 p.m.10 views

EUVD-2026-39858

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.8AI score0.0009EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 7:40 p.m.2 views

CVE-2026-53289 ice: fix NULL pointer dereference in ice_reset_all_vfs()

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References9
Rows per page
Query Builder