Lucene search
K

162636 matches found

CNNVD
CNNVD
added 2026/06/03 12:0 a.m.6 views

FRRouting 安全漏洞

FRouting is an open-source network routing software suite that runs on Unix-like platforms. Versions of FRRouting from stable/10.0 to stable/10.6 have security vulnerabilities. These vulnerabilities stem from the lack of input validation in the rfapiRibBi2Ri function, which could allow attackers ...

7.5CVSS5.1AI score0.00335EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

MBS多款产品 安全漏洞

MBS Single-A and other models are a series of industrial communication gateways developed by the German company MBS. The MBS Universal Gateways have a security vulnerability; this vulnerability stems from the insufficient validation of user-controlled inputs in the bac-scanresult method, which...

8.1CVSS5.5AI score0.0037EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.11 views

FOSSBilling 输入验证错误漏洞

FOSSBilling is an open-source billing and customer management platform for hosting service providers and digital service providers. Versions of FOSSBilling prior to 0.8.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the redirection module not...

4.8CVSS5.3AI score0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.40 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

0.00335EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-46040

Name of the Vulnerable Software and Affected Versions crypton-x509-validation versions prior to 1.9.1 crypton-x509 versions prior to 1.9.1 x509 affected versions not specified x509-validation affected versions not specified Description The crypton-x509-validation and crypton-x509 libraries fail t...

9.1CVSS5.6AI score0.00223EPSS
Exploits0References30
EUVD
EUVD
added 2026/06/03 12:0 a.m.11 views

EUVD-2026-34143

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-45918

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-45922

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-45987

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager affected versions not specified Cisco Unified Communications Manager Session Management Edition affected versions not specified Description An improper input validation flaw in the WebDialer service allows ...

8.6CVSS6.6AI score0.41694EPSS
Exploits3References161
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.9 views

PT-2026-45917

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files. This is caused by insufficient validation of...

8.1CVSS5.6AI score0.0037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.8 views

PT-2026-45923

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS6AI score0.00494EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45992

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

5.8AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.14 views

Cisco Finesse 安全漏洞

Cisco Finesse is a call center management software developed by the American company Cisco. There is a security vulnerability in Cisco Finesse, which stems from insufficient validation of HTTP request inputs provided to users. This vulnerability could allow unauthorized remote attackers to load...

6.1CVSS5.4AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45920

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.18 views

PT-2026-45919

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46104

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable local fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block...

7.1CVSS5.8AI score
Exploits0References5
EUVD
EUVD
added 2026/06/03 12:0 a.m.14 views

EUVD-2026-34140

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.20 views

PT-2026-46122

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.91.0 Description The LaTeX backend fails to validate path containment when handling the includegraphics, input, and include commands. This allows attackers to use path traversal sequences, such as ../../../etc/passw...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References9
CVE
CVE
added 2026/06/03 12:0 a.m.12 views

CVE-2026-36460

CVE-2026-36460 affects Dovestones Softwares ADPhonebook prior to v4.0.1.1. The issue is a Cross Site Scripting flaw in the /Admin/Save API where an authenticated admin can store malicious JavaScript payloads in multiple configuration sections due to missing input validation or output encoding. Af...

4.8CVSS5.8AI score0.0018EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/03 12:0 a.m.8 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.5AI score0.00335EPSS
Exploits0
Rows per page
Query Builder