Lucene search
K

162410 matches found

NVD
NVD
added 2026/06/03 1:16 p.m.14 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS0.00494EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.14 views

CVE-2026-35079

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.18 views

CVE-2026-35080

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.18 views

CVE-2026-35081

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.23 views

CVE-2026-35076

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.16 views

CVE-2026-35078

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 12:19 p.m.9 views

CVE-2026-42789

A flaw was found in Erlang OTP's publickey module. This vulnerability CWE-295, related to improper certificate validation, allows a non-Certificate Authority CA certificate to be accepted as an intermediate issuer. A remote attacker, holding an end-entity certificate issued by a trusted CA, can...

8CVSS5.8AI score0.00322EPSS
Exploits0References9
RustSec
RustSec
added 2026/06/03 12:0 p.m.10 views

Incomplete message edit validation in matrix-sdk-ui

The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate or spo...

5.8AI score0.00019EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/03 12:0 p.m.12 views

RUSTSEC-2026-0158 Incomplete message edit validation in matrix-sdk-ui

The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate or spo...

4.9CVSS5.8AI score0.00019EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/03 11:39 a.m.12 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:41 a.m.9 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS6AI score0.00494EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 10:41 a.m.38 views

CVE-2026-35082 Local file inclusion vulnerability and deletion in ugw-logread method

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS0.00494EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 10:41 a.m.12 views

EUVD-2026-34078

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS6AI score0.00494EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 10:41 a.m.8 views

CVE-2026-35082 Local file inclusion vulnerability and deletion in ugw-logread method

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS6AI score0.00494EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 10:40 a.m.11 views

EUVD-2026-34077

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS6AI score0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 10:40 a.m.7 views

CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS6AI score0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:40 a.m.10 views

CVE-2026-35081

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 10:40 a.m.37 views

CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS0.0037EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 10:40 a.m.15 views

CVE-2026-35081

CVE-2026-35081 documents an Arbitrary process termination vulnerability in the ugw-logstop method. A remote attacker with user privileges can terminate arbitrary processes due to insufficient input validation. The Connected documents provide the description and CVSS metrics (CVSSv4.0 base 7.2 HIG...

8.1CVSS6AI score0.0037EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/03 10:40 a.m.11 views

EUVD-2026-34076

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References1
Rows per page
Query Builder