
19024 matches found

CVE
added 2026/05/12 9:56 p.m., 24 views

CVE-2026-42855

The vulnerability affects the arduino-esp32 core (WebServer Digest authentication). Before version 3.3.8, the Digest auth hash is computed from the URI field in the Authorization header without validating it against the actually requested URI. As a result, an attacker with any valid digest respon...

CVSS 7.5, AI score 5.8, EPSS 0.00351
Exploits 1, References 1, Affected Software 1
CVE
added 2026/05/12 9:46 p.m., 24 views

CVE-2026-42544

CVE-2026-42544 (Granian) affects Granian versions 1.2.0–2.7.4, where an unauthenticated client sending a WebSocket upgrade request with a non-ASCII Sec-WebSocket-Protocol header causes the server to abort the worker in the WebSocket scope construction path, yielding an unauthenticated DoS. The cr...

CVSS 7.5, AI score 5.8, EPSS 0.00324
Exploits 0, References 1
EUVD
added 2026/05/12 9:31 p.m., 8 views

EUVD-2026-29748

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

CVSS 9.2, AI score 6.7, EPSS 0.00434
Exploits 0, References 3
EUVD
added 2026/05/12 9:31 p.m., 7 views

EUVD-2026-29747

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

CVSS 8.8, AI score 6.6, EPSS 0.00502
Exploits 0, References 3
NVD
added 2026/05/12 7:16 p.m., 13 views

CVE-2026-8429

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

CVSS 8.8, EPSS 0.00502
Exploits 0, References 2
CVE
added 2026/05/12 6:43 p.m., 20 views

CVE-2026-8430

CVE-2026-8430 affects SPIP versions prior to 4.4.14. The vulnerability is a remote code execution in the public space, limited to certain nginx configurations, allowing attackers to run arbitrary code in the web server context. Exploitation relies on specific nginx configuration scenarios and is ...

CVSS 9.2, AI score 6.7, EPSS 0.00434
Exploits 0, References 2
Vulnrichment
added 2026/05/12 6:43 p.m., 10 views

CVE-2026-8430 SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

CVSS 9.2, AI score 6.7, EPSS 0.00434
Exploits 0, References 2
ATTACKERKB
added 2026/05/12 6:32 p.m., 6 views

CVE-2026-8429

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

CVSS 8.8, AI score 6.6, EPSS 0.00502
Exploits 0, References 3
CVE
added 2026/05/12 6:32 p.m., 18 views

CVE-2026-8429

SPIP versions prior to 4.4.14 are affected by a remote code execution vulnerability in the private space, allowing an attacker to execute arbitrary code in the web server context. Affected component: SPIP core (private space); impact is high on confidentiality, integrity, and availability as desc...

CVSS 8.8, AI score 6.6, EPSS 0.00502
Exploits 0, References 2
EUVD
added 2026/05/12 6:30 p.m., 11 views

EUVD-2026-29557

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

AI score 6.4, EPSS 0.00687
Exploits 0, References 3
Github Security Blog
added 2026/05/12 6:30 p.m., 9 views

Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

CVSS 9.8, AI score 6.4, EPSS 0.00687
Exploits 0, References 4, Affected Software 1
RedhatCVE
added 2026/05/12 5:37 p.m., 10 views

CVE-2026-33006

A flaw was found in the mod_auth_digest module of httpd. A remote unauthenticated attacker can bypass digest authentication by measuring timing discrepancies of requests. This issue leads to unauthorized access to resources protected by digest authentication. Mitigation: Mitigation for this issue is...

CVSS 4.8, AI score 5.7, EPSS 0.00557
Exploits 1, References 4
NVD
added 2026/05/12 10:16 a.m., 17 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVSS 6.8, EPSS 0.00286
Exploits 0, References 1
Cvelist
added 2026/05/12 8:20 a.m., 37 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVSS 6.8, EPSS 0.00286
Exploits 0, References 1
CVE
added 2026/05/12 8:20 a.m., 16 views

CVE-2025-40948

The CVE-2025-40948 entry affects RUGGEDCOM ROX MX5000/MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, RX5000 (all versions

CVSS 6.8, AI score 5.9, EPSS 0.00286
Exploits 0, References 1, Affected Software 1
ATTACKERKB
added 2026/05/12 8:20 a.m., 8 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVSS 6.8, AI score 5.9, EPSS 0.00286
Exploits 0, References 2
CVE
added 2026/05/12 2:19 a.m., 19 views

CVE-2026-0502

The CVE-2026-0502 entry concerns SAP BusinessObjects Business Intelligence Platform with a CSRF protection flaw. An authenticated user can be tricked into sending unintended requests to the web server, leading to low impact on integrity and availability and no confidentiality impact. Public detai...

CVSS 5.4, AI score 5.8, EPSS 0.00121
Exploits 0, References 2
Cvelist
added 2026/05/12 12:0 a.m., 33 views

CVE-2026-31234

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

EPSS 0.00687
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:0 a.m., 8 views

PT-2026-40348

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

CVSS 8.8, AI score 6.6, EPSS 0.00502
Exploits 0, References 3
CNNVD
added 2026/05/12 12:0 a.m., 8 views

Siemens SIPROTEC 5 Security Vulnerability

Siemens SIPROTEC 5 is a series of multifunctional relays developed by the German company Siemens. There are security vulnerabilities in Siemens SIPROTEC 5, which stem from the lack of using sufficiently random values to create session identifiers. This could allow unauthorized remote attackers to...

CVSS 6.9, AI score 7.3, EPSS 0.00306
Exploits 0, References 1