Lucene search
K

60416 matches found

SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.7 views

SUSE CVE-2026-43223

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2sendrequestex When pvr2sendrequestex submits a write URB successfully but fails to submit the read URB e.g. returns -ENOMEM, it returns immediately without waiting for the write URB to complete...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 2:16 a.m.10 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

6.8CVSS0.00296EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/07 1:23 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...

9.3CVSS6.3AI score0.00368EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 1:23 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...

9.3CVSS6.3AI score0.00368EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 1:15 a.m.38 views

CVE-2026-40003 USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

5.1CVSS0.00296EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:15 a.m.7 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

5.1CVSS6.2AI score0.00296EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/07 1:15 a.m.12 views

CVE-2026-40003 USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

5.1CVSS6.2AI score0.00296EPSS
Exploits1References1
CVE
CVE
added 2026/05/07 1:15 a.m.26 views

CVE-2026-40003

CVE-2026-40003 describes a USB-based arbitrary memory write vulnerability in the ZTE ZX297520V3 BootROM. The issue arises from lack of target address validation in the USB download mode, allowing writes to arbitrary locations in BootROM runtime memory. Potential consequences, as stated, include o...

6.8CVSS6.2AI score0.00296EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/05/07 12:55 a.m.7 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the pdfengines/metadata/write endpoint when JSON metadata keys containing newline characters are passed directly to ExifTool without validation. An attacker can execute arbitrary operating system commands by...

9.8CVSS6AI score0.0295EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.7 views

CVE-2026-4430

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

7.8CVSS5.8AI score0.00078EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

CI4MS 路径遍历漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.5.0 contained a path traversal vulnerability. This vulnerability stemmed from Theme::upload, which extracted ZIP archives uploaded by users without verifying the entry names. As a result,...

9.4CVSS6AI score0.00484EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.21 views

PT-2026-38621

Name of the Vulnerable Software and Affected Versions Note Mark versions 0.13.0 through 0.19.3 Description Authenticated users can upload assets to notes via the "/api/notes/noteID/assets" endpoint. The application stores the asset filename provided in the X-Name HTTP request header directly in t...

8.6CVSS6AI score0.00495EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38322

Name of the Vulnerable Software and Affected Versions ZTE ZX297520V3 affected versions not specified Description The BootROM contains an issue allowing arbitrary memory writes via USB. Due to a lack of target address validation in the USB download mode, it is possible to write data to any locatio...

6.8CVSS6.1AI score0.00296EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.9 views

CVE-2026-30496

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

5.9AI score0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.29 views

CVE-2026-30496

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

0.00326EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38435

Name of the Vulnerable Software and Affected Versions Optoma CinemaX P2 version TVOS-04.24.010.04.01 Description The device exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control. This API enables reading configuration across 74 endpoints and modifying settings such ...

9.8CVSS5.9AI score0.00326EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-7989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perfo...

4.2CVSS6AI score0.00163EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-4430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue...

7.8CVSS7.1AI score0.00078EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-7943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process t...

4.2CVSS6AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

CI4MS 路径遍历漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.5.0 contained a path traversal vulnerability. This vulnerability stemmed from the fact that the Backup::restore function extracted ZIP archives uploaded by users without verifying the names of th...

9.4CVSS6AI score0.00528EPSS
Exploits0References1
Rows per page
Query Builder