Lucene search
K

162663 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators who are connected to the local network and hav...

6.8CVSS5.3AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

Microsoft Windows NT OS Kernel 数字错误漏洞

The Microsoft Windows NT OS Kernel is the core of the Windows operating system developed by Microsoft Corporation. It is responsible for managing system resources, providing hardware abstraction, and ensuring system security and stability. There is an input validation vulnerability present in the...

7.8CVSS5.8AI score0.00326EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

OpenSSL 加密问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

OpenSSL 资源管理错误漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

5CVSS5.8AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from the possibility that authenticated administrators who are connected to the local network may gain elevated...

5.7CVSS5.4AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47795

Name of the Vulnerable Software and Affected Versions Waves Central for macOS versions 13.0.9 through 16.5.5 Description A trusted XPC client component is signed with hardened runtime entitlements that allow dynamic library injection. A local attacker can use the DYLD INSERT LIBRARIES environment...

7.8CVSS6AI score0.00151EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47682

Name of the Vulnerable Software and Affected Versions WP Emoticon Rating versions prior to 1.0.2 Description The WP Emoticon Rating plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...

6.1CVSS5.3AI score0.0012EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48342

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.5.15 Net::IMAP versions prior to 0.6.5 Description The Net::IMAPid and Net::IMAPenable functions do not properly validate their arguments. When Net::IMAPid is called with a hash argument, it fails to prohibit CRLF...

5.8CVSS6.1AI score0.00131EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.23 views

PT-2026-48323

Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-48312

Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...

5.9CVSS5.8AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47826

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

7.3CVSS5.5AI score0.00139EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48270

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 through 2025.8 Description Improper input validation allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access. This issue does not require user interaction to be...

8.1CVSS5.2AI score0.0039EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.9 views

CVE-2026-41008: Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi , which can lead to an Open Redirect...

6.1CVSS5.8AI score0.00172EPSS
Exploits0References1Affected Software2
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.6 views

CVE-2026-41714: In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager`

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification...

4CVSS5.8AI score0.00132EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47637

Name of the Vulnerable Software and Affected Versions jQuery Hover Footnotes versions prior to 1.5 Description The plugin is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing an action they did not intend to. This occurs due to missing or incorre...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48006

Name of the Vulnerable Software and Affected Versions Microsoft Azure Attestation service affected versions not specified Device Health Attestation Service affected versions not specified Description Improper input validation in these services allows an authorized attacker to perform spoofing via...

3.9CVSS5.5AI score0.00319EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48020

Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Microsoft Defender affected versions not specified Description Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. Additionall...

10CVSS5.5AI score0.00591EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48286

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description Improper Input Validation allows an attacker to crash the application, resulting in a denial-of-service condition...

6.2CVSS5.2AI score0.00153EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47748

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users with write access to the form definition database table can directly create, update, or delete form definition records using the DataHandler. This process bypasses the Form...

8.7CVSS5.7AI score0.00244EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47818

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description A buffer overflow occurs due to insufficient input validation of buffers. This allows authenticated administrators connected to the local network to make unauthorized modifications to the...

6.8CVSS5.5AI score0.00323EPSS
Exploits0References19
Rows per page
Query Builder