Lucene search
12569 matches found

OSV
added 2026/02/26 6:23 p.m. | 4 views

CVE-2026-23749

Golioth Firmware SDK versions 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy without...

2.1 CVSS | 6 AI score
Exploits: 0 | References: 5
NVD
added 2026/02/26 6:23 p.m. | 6 views

CVE-2026-23749

Golioth Firmware SDK versions 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy without...

2.9 CVSS | 0.00165 EPSS
Exploits: 0 | References: 5
ATTACKERKB
added 2026/02/26 5:32 p.m. | 4 views

CVE-2026-23749

Golioth Firmware SDK versions 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy without...

2.9 CVSS | 6 AI score | 0.00165 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2026/02/26 5:32 p.m. | 14 views

CVE-2026-23749

CVE-2026-23749 - Golioth Firmware SDK: The vulnerability affects Golioth Firmware SDK versions 0.19.1 prior to 0.22.0. The root cause is an out-of-bounds read caused by improper null termination when copying the blockwise transfer path in blockwise_transfer_init(). If the input path length equal...

2.9 CVSS | 5.7 AI score | 0.00165 EPSS
Exploits: 0 | References: 5
Vulnrichment
added 2026/02/26 5:32 p.m. | 5 views

CVE-2026-23749 Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read

Golioth Firmware SDK versions 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy without...

2.9 CVSS | 6 AI score | 0.00165 EPSS
Exploits: 0 | References: 5
Cvelist
added 2026/02/26 5:32 p.m. | 24 views

CVE-2026-23749 Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read

Golioth Firmware SDK versions 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy without...

2.9 CVSS | 0.00165 EPSS
Exploits: 0 | References: 5
OSV
added 2026/02/26 4:24 p.m. | 4 views

DEBIAN-CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3 CVSS | 8.9 AI score | 0.0036 EPSS
Exploits: 2 | References: 1
UbuntuCve
added 2026/02/26 4:24 p.m. | 4 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3 CVSS | 7.3 AI score | 0.0036 EPSS
Exploits: 2 | References: 3
OSV
added 2026/02/26 4:24 p.m. | 1 views

UBUNTU-CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3 CVSS | 7.8 AI score | 0.0036 EPSS
Exploits: 2 | References: 4
Debian CVE
added 2026/02/26 3:33 p.m. | 7 views

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3 CVSS | 5.5 AI score | 0.00186 EPSS
Exploits: 0
ATTACKERKB
added 2026/02/26 3:10 p.m. | 6 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3 CVSS | 6.4 AI score | 0.0036 EPSS
Exploits: 2 | References: 3
Vulnrichment
added 2026/02/26 3:10 p.m. | 4 views

CVE-2026-28296 Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3 CVSS | 6.4 AI score | 0.0036 EPSS
Exploits: 2 | References: 2
Debian CVE
added 2026/02/26 3:10 p.m. | 5 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3 CVSS | 8.9 AI score | 0.0036 EPSS
Exploits: 2
RedhatCVE
added 2026/02/26 3:10 p.m. | 5 views

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

4.3 CVSS | 6.5 AI score | 0.0036 EPSS
Exploits: 2 | References: 3
OSV
added 2026/02/26 10:48 a.m. | 3 views

SUSE-SU-2026:20522-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20260210 release (bsc#1258046): - CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a...

7.3 CVSS | 5.8 AI score | 0.00232 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2026/02/26 4:25 a.m. | 10 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode (ATM) Classical IP (CLIP) module. A local user can trigger an infinite recursive call in the clip_push function by repeatedly calling the ioctl(ATMARP_MKIP) system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8 CVSS | 5.8 AI score | 0.00163 EPSS
Exploits: 0 | References: 5
Hacker One
added 2026/02/26 4:11 a.m. | 14 views

curl: Able to bypass HSTS using trailing dot

Summary: curl allows users to load a HSTS cache which will cause curl to use HTTPS instead of HTTP given a HTTP URL for a given site specified in the HSTS cache. Affected version curl version used for reproducing this issue is: 8.16.0 curl --version curl 8.16.0 Windows libcurl/8.16.0 Schannel...

5.4 AI score
Exploits: 0
NVD
added 2026/02/26 2:16 a.m. | 8 views

CVE-2026-27954

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

7.1 CVSS | 0.0019 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/02/26 1:42 a.m. | 20 views

CVE-2026-27954 LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

7.1 CVSS | 0.0019 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/26 12:0 a.m. | 7 views

PT-2026-22168

Golioth Firmware SDK versions 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy witho...

2.9 CVSS | 5.7 AI score | 0.00165 EPSS
Exploits: 0 | References: 4