CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

192 matches found

EUVD•added 2026/06/14 5:10 p.m.•9 views

EUVD-2026-36661

nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recvmsgheader function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length fiel...

9CVSS5.8AI score0.00541EPSS

Exploits0References4

Positive Technologies•added 2026/06/14 12:0 a.m.•14 views

PT-2026-49133

Name of the Vulnerable Software and Affected Versions nanoMODBUS versions prior to 1.23.1 Description An off-by-one buffer overflow exists in the recv msg header function of the Modbus/TCP server. Remote unauthenticated attackers can write one controlled byte beyond the 260-byte receive buffer by...

9CVSS5.6AI score0.00541EPSS

Exploits0References9

Positive Technologies•added 2026/05/19 12:0 a.m.•15 views

PT-2026-41947

An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...

8.4CVSS5.8AI score0.00162EPSS

Exploits0References2

EUVD•added 2026/05/12 9:31 a.m.•12 views

EUVD-2026-29390

An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections...

8.2CVSS5.8AI score0.00351EPSS

Exploits0References2

Cvelist•added 2026/05/01 12:0 a.m.•26 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS0.00253EPSS

Exploits0References3

ATTACKERKB•added 2026/05/01 12:0 a.m.•1 views

CVE-2026-37552

8.4CVSS6.1AI score0.00253EPSS

Exploits0References4

CVE•added 2026/05/01 12:0 a.m.•9 views

CVE-2026-37552

CVE-2026-37552 . Affected: MixPHP Framework 2.x up to 2.2.17. Root cause: unsafe deserialization using Opis\Closure\unserialize() on data received by the sync-invoke TCP server, then executed via call_user_func(). No authentication/signature on the localhost TCP port (127.0.0.1). Impact: arbitrar...

8.4CVSS6.1AI score0.00253EPSS

Exploits0References3

CNNVD•added 2025/12/30 12:0 a.m.•2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention condition when accessing TCPServerInfo::hostname, which could lead to reuse after release...

5.8AI score0.00167EPSS

Exploits0References4

SUSE CVE•added 2025/12/09 12:29 a.m.•5 views

SUSE CVE-2023-53751

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...

5.5CVSS6.6AI score0.00156EPSS

Exploits0References9

EUVD•added 2025/12/08 3:31 a.m.•3 views

EUVD-2023-60077

6.1AI score0.00156EPSS

Exploits0References5

NVD•added 2025/12/08 2:15 a.m.•4 views

CVE-2023-53751

0.00156EPSS

Exploits0References4

Tenable Nessus•added 2025/12/08 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2023-53751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its...

5.4AI score0.00156EPSS

Exploits0References4

EUVD•added 2025/10/07 1:49 p.m.•4 views

EUVD-2025-32856

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

5.3CVSS6.3AI score0.00336EPSS

Exploits0References2

Cvelist•added 2025/10/07 1:49 p.m.•9 views

CVE-2025-53476

5.3CVSS0.00336EPSS

Exploits0References1

CVE•added 2025/10/07 1:49 p.m.•12 views

CVE-2025-53476

OpenPLC_v3 is affected by CVE-2025-53476 due to a DoS in the ModbusTCP server. A crafted sequence of TCP connections can exhaust the server’s file descriptors, causing the server to be unable to process subsequent Modbus requests. TALOS details the vulnerability in OpenPLC_v3, including the waitF...

5.3CVSS6.4AI score0.00336EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-3932

Malware in sbrugna...

8.8CVSS8.6AI score0.00843EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-1999-1248

Malware in sbrugna...

5CVSS6.4AI score0.01154EPSS

Exploits0References3