
2024 matches found

CNNVD
added 2026/04/05 12:0 a.m., 8 views

Tenda AC10 Security Vulnerability

The Tenda AC10 is a wireless router produced by the Chinese company Tenda. There is a security vulnerability in the version 16.03.10.10multiTDE01 of the Tenda AC10. This vulnerability stems from incorrect handling of the parameter sys.userpass in the fromSysToolChangePwd function located in the...

CVSS 9 | AI score 7.7 | EPSS 0.00571
Exploits: 0 | References: 5

SUSE CVE
added 2026/04/03 11:27 p.m., 4 views

SUSE CVE-2026-23464

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe. In mpfs_sys_controller_probe, if of_get_mtd_device_by_node fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memor...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 5

EUVD
added 2026/04/03 6:31 p.m., 4 views

EUVD-2026-18728

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe. In mpfs_sys_controller_probe, if of_get_mtd_device_by_node fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memor...

AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 5

NVD
added 2026/04/03 4:16 p.m., 6 views

CVE-2026-23464

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe. In mpfs_sys_controller_probe, if of_get_mtd_device_by_node fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memor...

CVSS 5.5 | EPSS 0.00122
Exploits: 0 | References: 4

GithubExploit
added 2026/03/29 6:7 p.m., 170 views

Exploit for Out-of-bounds Read in Microsoft

!CVEhttps://img.shields.io/badge/CVE-2025--60709-FF0000?styl...

CVSS 7.8 | AI score 6.6 | EPSS 0.00503
Exploits: 2

RedhatCVE
added 2026/03/28 11:9 p.m., 3 views

CVE-2026-4974

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVSS 9 | AI score 7.8 | EPSS 0.00632
Exploits: 1 | References: 1

NVD
added 2026/03/27 8:16 p.m., 4 views

CVE-2026-4974

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVSS 9 | EPSS 0.00632
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/27 7:52 p.m., 1 views

CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVSS 9 | AI score 7.8 | EPSS 0.00632
Exploits: 1 | References: 5

F5 Networks
added 2026/03/27 5:53 p.m., 7 views

K000160486: Indicators of Compromise for c05d5254

Topic: This article provides the known indicators of compromise (IOCs) associated with malicious software c05d5254 and related activity, and actions to take if IOCs are discovered. Important: Customers that were using BIG-IP APM on a vulnerable version at any point in time regardless of current...

AI score 5.9
Exploits: 0

OpenVAS
added 2026/03/27 12:0 a.m., 7 views

Fedora: Security Advisory (FEDORA-2026-9d5b9f45ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 5.9 | EPSS 0.00704
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/26 3:15 p.m., 2 views

CVE-2026-4465

A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. This...

CVSS 6.5 | AI score 6.4 | EPSS 0.03092
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:7 p.m., 4 views

CVE-2026-4201

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

CVSS 7.5 | AI score 6.7 | EPSS 0.00278
Exploits: 0 | References: 1

OSV
added 2026/03/25 5:4 a.m., 5 views

MAL-2026-2178 Malicious code in lm-sys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69240e51e47ad6f05a6d2e98047b80c3beb9f2e05d1449b50606c812b9eb1c1e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0 | References: 1

Oracle linux
added 2026/03/25 12:0 a.m., 8 views

virt:ol and virt-devel:ol security update

hivex 1.3.18-23 - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 libguestfs 1.44.0-9.0.2 - libguestfs.spec: Add btrfs-progs RPM to appliance Orabug: 35634755 libguestfs-winsupport 8.10-1 - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz2236373 libiscsi...

CVSS 7.5 | AI score 5.8 | EPSS 0.04794
Exploits: 1

EUVD
added 2026/03/24 6:31 p.m., 5 views

EUVD-2026-14903

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php...

CVSS 8.8 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 3

CVE
added 2026/03/24 12:0 a.m., 10 views

CVE-2026-29839

DedeCMS v5.7.118 contains a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php. The available sources confirm the affected product/version and the vulnerable endpoint, but do not provide details on root cause, exploitability, impact scope, or remediation steps. No exploit detail...

CVSS 8.8 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/24 12:0 a.m., 1 views

CVE-2026-29839

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php...

CVSS 8.8 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 3

Cvelist
added 2026/03/24 12:0 a.m., 18 views

CVE-2026-29839

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php...

EPSS 0.00138
Exploits: 0 | References: 2

vulnersOsv
added 2026/03/20 8:35 p.m., 3 views

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-4428 via aws-lc-sys (=0.21.0)

aws-lc-sys CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-lc-sys and may be impacted: - jsonwebtoken-aws-lc =9.3.0 - jwts =0.5.0, =0.102.6, =0.20.0, =0.31.0 Source cves: CVE-2026-4428 Source advisory: OSV:GHSA-9F94-5G5W-GF6R...

CVSS 9.1 | AI score 5.8 | EPSS 0.00252
Exploits: 0

OSV
added 2026/03/20 8:34 p.m., 5 views

GHSA-394X-VWMW-CRM3 AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CN Common Name validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid D...

CVSS 8.2 | AI score 5.9
Exploits: 0 | References: 3