Lucene search
K

19057 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40795

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a symlink attack, which occurs when a system follows a symbolic link a file that points to another file or directory to access locations outside the...

7.5CVSS5.5AI score0.00387EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context ...

8.8CVSS6.7AI score0.00502EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 9:56 p.m.18 views

CVE-2026-42854 arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/12 9:56 p.m.14 views

EUVD-2026-29858

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 9:56 p.m.24 views

CVE-2026-42855

The vulnerability affects the arduino-esp32 core (WebServer Digest authentication). Before version 3.3.8, the Digest auth hash is computed from the URI field in the Authorization header without validating it against the actually requested URI. As a result, an attacker with any valid digest respon...

7.5CVSS5.8AI score0.00351EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/12 9:46 p.m.34 views

CVE-2026-42544

CVE-2026-42544 (Granian) affects Granian versions 1.2.0–2.7.4, where an unauthenticated client sending a WebSocket upgrade request with a non-ASCII Sec-WebSocket-Protocol header causes the server to abort the worker in the WebSocket scope construction path, yielding an unauthenticated DoS. The cr...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.9 views

EUVD-2026-29748

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

9.2CVSS6.7AI score0.00434EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 9:31 p.m.8 views

EUVD-2026-29747

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

8.8CVSS6.6AI score0.00502EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 7:16 p.m.14 views

CVE-2026-8429

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

8.8CVSS0.00502EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 6:43 p.m.20 views

CVE-2026-8430

CVE-2026-8430 affects SPIP versions prior to 4.4.14. The vulnerability is a remote code execution in the public space, limited to certain nginx configurations, allowing attackers to run arbitrary code in the web server context. Exploitation relies on specific nginx configuration scenarios and is ...

9.2CVSS6.7AI score0.00434EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 6:43 p.m.10 views

CVE-2026-8430 SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

9.2CVSS6.7AI score0.00434EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 6:32 p.m.6 views

CVE-2026-8429

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

8.8CVSS6.6AI score0.00502EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 6:32 p.m.20 views

CVE-2026-8429

SPIP versions prior to 4.4.14 are affected by a remote code execution vulnerability in the private space, allowing an attacker to execute arbitrary code in the web server context. Affected component: SPIP core (private space); impact is high on confidentiality, integrity, and availability as desc...

8.8CVSS6.6AI score0.00502EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29557

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

6.4AI score0.00687EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 5:37 p.m.10 views

CVE-2026-33006

A flaw was found in the modauthdigest module of httpd. A remote unauthenticated attacker can bypass digest authentication by measuring timing discrepancies of requests. This issue leads to unauthorized access to resources protected by digest authentication. Mitigation Mitigation for this issue is...

4.8CVSS5.7AI score0.00557EPSS
Exploits1References4
NVD
NVD
added 2026/05/12 10:16 a.m.17 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 8:20 a.m.42 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS0.00286EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 8:20 a.m.20 views

CVE-2025-40948

The CVE-2025-40948 entry affects RUGGEDCOM ROX MX5000/MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, RX5000 (all versions

6.8CVSS5.9AI score0.00286EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:20 a.m.11 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS5.9AI score0.00286EPSS
Exploits0References2
Rows per page
Query Builder