Lucene search
K

15232 matches found

NVD
NVD
added 2026/06/15 6:16 a.m.11 views

CVE-2026-12222

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS0.00371EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/15 5:15 a.m.2 views

CVE-2026-12222

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49289

Name of the Vulnerable Software and Affected Versions Boyleep K11, y108 version 2.3.0.11291 Description A flaw in the factory test feature allows an attacker with physical proximity to the device to execute arbitrary code. Recommendations At the moment, there is no information about a newer versi...

6.8CVSS6.1AI score0.00174EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 12:0 a.m.15 views

CVE-2026-36933

The CVE-2026-36933 issue affects Boyleep K11 y108 firmware v2.3.0.11291. A physically proximate attacker can execute arbitrary code via the factory test feature. The impact is described as high for confidentiality, integrity, and availability; the root cause is tied to the factory test feature, w...

6.8CVSS5.9AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.28 views

CVE-2026-36933

An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature...

0.00174EPSS
Exploits0References1
OSV
OSV
added 2026/06/13 8:52 p.m.22 views

MAL-2026-5748 Malicious code in chai-utils-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edd573a9e5fdef8dcde78f5b0c9fa00521f232b886be838104741d1e0535f7 Package name 'chai-utils-test' impersonates the popular 'chai' assertion library and ships a cloned chai source tree. The declared main index.js call...

5.5AI score
Exploits0References6
GithubExploit
GithubExploit
added 2026/06/13 12:51 p.m.89 views

Web-kit-exploit-test

No d...

5.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.11 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.2AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.26 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS0.00182EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/06/12 9:14 a.m.8 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks bsc1263790...

9.3CVSS5.1AI score0.00563EPSS
Exploits5References52
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48912

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.2AI score0.00182EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

SAP NetWeaver AS Java Reflected XSS (3723655)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a reflected cross-site scripting vulnerability as referenced in SAP Security Note 3723655: - Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/11 11:54 a.m.65 views

cybersec-bad-folio

DevFolio Application portfolio étudiant — Spring Boot 3.2 + V...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:41 a.m.15 views

Malicious code in chai-net-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f4bb3d7abae3be57c7521b84016b6484d4c21bd2898fcde043d376513cf1e chai-net-test ships a remote-code-execution dropper behind its public chain API. When a consumer calls chain... the documented entry point,...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/06/11 7:41 a.m.11 views

MAL-2026-5607 Malicious code in chai-net-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f4bb3d7abae3be57c7521b84016b6484d4c21bd2898fcde043d376513cf1e chai-net-test ships a remote-code-execution dropper behind its public chain API. When a consumer calls chain... the documented entry point,...

5.5AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.32 views

Font Generator for Embedded Bitmap and Color Glyph Pipeline Robustness Testing

This Python program constructs a handcrafted TrueType font file that combines multiple font subsystems - including embedded bitmap tables, color glyph definitions, glyph mapping structures, and minimal layout metadata - into a single synthetic test artifact...

5.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48690

Name of the Vulnerable Software and Affected Versions @openzeppelin/wizard versions prior to 0.10.9 Description The OpenZeppelin Contracts Wizard generates example test files for Hardhat test/test.ts and Foundry test/.t.sol that interpolate user-supplied strings opts.name and opts.uri into the te...

8.8CVSS6AI score0.0004EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-49842

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS5.4AI score0.00449EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 6:9 p.m.9 views

MAL-2026-5528 Malicious code in events-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac4806dc5c887c91db1f2570abcae5b98d62dfae36bea2ddb9e2449efd62eca Package name and description impersonate the popular events package Node's event emitter for all engines. The vendored events.js adds an undocumented...

5.5AI score
Exploits0References6
Microsoft Secure
Microsoft Secure
added 2026/06/10 4:0 p.m.18 views

Turn specs into evals for any agent with ASSERT

Today, we’re releasing Adaptive Spec-driven Scoring for Evaluation and Regression Testing ASSERT, an open-source framework for turning natural-language behavior specifications into executable evaluations. Every team building an AI system starts with a clear intention for the behaviors they want t...

5.5AI score
Exploits0
Rows per page
Query Builder