7036 matches found
CVE-2026-54224
creationtimestamp| type| source ---|---|--- 2026-06-18 05:55:00+00:00| seen| https://cert.pl/en/posts/2026/06/CVE-2026-54219...
Siemens RuggedCom Rox Classic Buffer Overflow (CVE-2022-30552)
Das U-Boot 2022.01 has a Buffer Overflow. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505481; scriptversion"1.2";...
Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-13106)
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2026-48818
A flaw was found in Starlette, a lightweight ASGI framework. On Windows systems, the StaticFiles component is vulnerable to Server-Side Request Forgery SSRF. A remote attacker can exploit this by providing a specially crafted Universal Naming Convention UNC path, which causes the system to initia...
CVE-2026-3490
CVE-2026-3490 affects picklescan prior to version 1.0.4, where the blocklist of dangerous functions is bypassed via pkgutil.resolve_name. The underlying issue is an incomplete blocklist that allows indirect REDUCE calls to resolve dangerous functions, enabling remote code execution (e.g., os.syst...
CVE-2025-59872
creationtimestamp| type| source ---|---|--- 2026-06-17 14:57:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moil5pdlca2f...
CVE-2026-46965
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
CVE-2026-46966
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-46963
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
CVE-2026-46964
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark
A flaw was found in the USB HID dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing an excessive consumption of memory, resulting in a denial of service...
PT-2026-50062
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue. A low privileged attacker with network...
PT-2026-50065
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue. A low privileged attacker with network...
PT-2026-50063
Name of the Vulnerable Software and Affected Versions Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue product within Oracle E-Business Suite. A low privileged attack...
CVE-2026-52718
creationtimestamp| type| source ---|---|--- 2026-06-15 21:02:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moe6n7ygzu2v...
GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...
CVE-2026-12210
A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...
CVE-2026-12210 universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery
A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...
EUVD-2026-36684
A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...
CVE-2026-12210
CVE-2026-12210 affects the universal-tool-calling-protocol project, specifically the python-utcp 1.1.0 release, with a vulnerability in the utcp-gql/utcp-websocket component that enables server-side request forgery. The description notes a remote, public exploit and a lack of vendor response. The...