365733 matches found
CVE-2026-47927
CVE-2026-47927 concerns the DNG SDK, where versions 1.7.1 2536 and earlier are affected by an out-of-bounds read (CWE-125). The vulnerability could lead to disclosure of sensitive memory. Exploitation requires user interaction: a victim must open a malicious file. The CVSS info indicates a local ...
CVE-2024-38487
CVE-2024-38487 describes a vulnerability where an api-gateway container running with root privileges could escape the container and access the host system. Affected configuration: containerized api-gateway with root-level execution; root privileges combined with local attack vector enable host ac...
CVE-2026-42089
The CVE concerns yeoman-environment. Vulnerable versions 2.9.0 through 6.0.0 install missing local generator packages from attacker-controlled names without user confirmation, via installLocalGenerators() calling repository.install(). This can cause arbitrary package installation and code executi...
CVE-2026-24228
NVIDIA NeMo Framework for Linux contains a vulnerability where deserialization of untrusted data may lead to code execution, privilege escalation, data tampering, and information disclosure. The connected NVIDIA security bulletin confirms affected product: NVIDIA NeMo Framework for Linux, with af...
CVE-2026-24155
CVE-2026-24155 affects NVIDIA NeMo Framework for all platforms, described as a code injection vulnerability (CWE-94) that can lead to code execution, privilege escalation, information disclosure, and data tampering. The NVIDIA security bulletin states that CVE-2026-24155 is addressed by updating ...
CVE-2024-30476
CVE-2024-30476 details a Stored Cross-Site Scripting vulnerability in Dell PowerStore Manager. A remote authenticated, low-privileged attacker could exploit this to execute scripts in the browser of an authenticated user. CVSS v3.1 base score 5.4 (Medium); attack vector: Network; privileges requi...
CVE-2026-10649
Pacemaker vulnerability CVE-2026-10649: an unauthenticated remote attacker can trigger an integer overflow in the remote message decompression, causing memory corruption and denial of service in the CIB remote listener. Affects Pacemaker (remote message processing) with network attack vector, no ...
CVE-2025-71261
The CVE-2025-71261 issue affects the SUSE Virtualization (Harvester) Rancher integration registration client, specifically the cluster-registration-url path. The root cause is an insecure TLS setup that fails to verify the remote server’s certificate, enabling MITM between SUSE Virtualization and...
CVE-2026-44932
Wicked (openSUSE/SUSE Linux) is affected by CVE-2026-44932 through an indirect remote shell command injection via unsanitized DHCP options. The root cause is unsanitized DHCP strings being handled by the wicked DHCP client, with leaseinfo dump output and certain option processing allowing code ex...
CVE-2024-24909
The CVE affects Dell OpenManage Integration with Microsoft Windows Admin Center, specifically the gateway plugin, which contains a Remote Code Execution vulnerability. A remote authenticated user could potentially escalate privileges and run arbitrary code remotely, with a CVSS v3.1 base score of...
CVE-2026-53776
Perry before 0.5.1166 contains a JWT validation vulnerability in the verify_decode helper that sets validate_exp = false unconditionally, enabling token expiration bypass. Attackers with a previously issued bearer token can present expired tokens to jwt.verify() calls and retain access, undermini...
CVE-2026-12003
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2024-22451
Dell Peripheral Manager (versions 1.5.1–1.7.2) contains an uncontrolled search path element vulnerability that could allow arbitrary code execution via preloading a malicious executable. Affected component is the Dell Peripheral Manager executable path; root cause is an uncontrolled search path e...
CVE-2026-12398
The CVE-2026-12398 entry describes a command-injection in galaxy_ng via the legacy role import API (v1) do_git_checkout(), where unsanitized git ref names are interpolated into shell commands executed with subprocess.run(shell=True). An authenticated user controlling a git repo can craft branch/t...
CVE-2026-47684
CVE-2026-47684 — Sync-in Server SSRF bypass (IPv4-mapped IPv6 addresses) Affected product: Sync-in Server (file storage/sharing/collaboration). Vulnerability: The private IP blocklist regex (regExpPrivateIP) used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g., ::ffff:...
CVE-2026-0647
The 1794-AENTR adapter (Rockwell Automation FLEX I/O dual‑port EtherNet/IP) has an improper authentication flaw in its embedded web server. An unauthenticated attacker can change the device web interface password by sending a crafted HTTP GET request to a specific endpoint, without prior authenti...
CVE-2026-0646
The affected product is Rockwell Automation 1794-AENTR adapters (EtherNet/IP). The issue is a denial-of-service caused by improper memory handling of CIP protocol requests in the 1794-AENTR adapter, which can cause the device to fault and drop connections to its linked I/O modules, requiring a ma...
CVE-2026-48780
CVE-2026-48780 affects Forem. Before commit a2ab6d4, a maliciously crafted email address could bypass domain allowlist/denylist restrictions and gain access to invite-only Forem deployments. The issue is patched as of a2ab6d4. Affected component is the email validation/allowlist logic; impact is ...
CVE-2024-22447
CVE-2024-22447 affects Dell Peripheral Manager prior to 1.7.3. The vulnerability is an uncontrolled search path element that could allow preloading a malicious DLL to achieve arbitrary code execution. Affected product: Dell Peripheral Manager. Root cause: uncontrolled search path element in the a...
CVE-2025-14272
Technical details (affected product/version, root cause, exploitability, and remediation) are not publicly available in the provided documents. Monitor for updates from Rockwell, NVD, and CVE feeds.
CVE-2025-13036
CVE-2025-13036 affects Rockwell Automation’s FactoryTalk Historian Site Edition . Description and connected sources confirm an authentication bypass vulnerability: by repeatedly hitting the login endpoint, an attacker could obtain a valid authentication token. The CVSS metrics indicate a network-...
CVE-2026-10831
CVE-2026-10831 concerns MOXA NPort serial device servers. The issue is improper access control on the command port: the command interface does not properly verify that the sender is tied to a valid data-port session before accepting break signal commands. A remote attacker with network access can...
CVE-2026-9307
The CVE-2026-9307 issue affects CompactLogix 5370 controllers where the web server exposes CIP Connection IDs on the diagnostics page to unauthenticated users, enabling an attacker to craft malicious packets and cause Denial-of-Service. The available documents do not specify affected firmware ver...
CVE-2025-11694
The CVE-2025-11694 issue affects 1769 CompactLogix controllers (CIP protocol). The root cause is missing validation of sequence numbers and source IP addresses, enabling an attacker to abuse exposed Connection IDs visible on the web interface to trigger denial-of-service conditions resulting in a...
CVE-2026-10640
Zephyr IPv6 Neighbor Discovery (ipv6_nbr.c) contains a use-after-free in the per-interface ICMP stats update. After net_send_data(pkt) succeeds, net_pkt_iface(pkt) may dereference an iface pointer from a freed net_pkt, causing iface-stats.icmp.sent to be incremented from freed memory (CWE-416). T...
CVE-2026-10639
Summary: Zephyr’s native IPv4 icmpv4_handle_echo_request() can perform a use-after-free when updating per-interface statistics after sending an ICMP echo reply. The code hands the echo-reply to the TX path, which may drop the packet and free the net_pkt before the post-send stats update runs. As ...
CVE-2026-10638
CVE-2026-10638 affects Zephyr Networking: ICMPv6 RX path can use a freed net_pkt when updating statistics after sending an echo reply or error. The code reads iface pointers post-send in icmpv6_handle_echo_request() and net_icmpv6_send_error(); if no TX queue or driver/L2 frees the packet, net_pk...
CVE-2026-46655
A vulnerability in virtio-win (Red Hat CVE-2026-46655) allows a low-integrity process to send a crafted IOCTL to viosock.sys!VIOSockSelect, causing an integer overflow that leads to a heap overflow in the NonPagedPool kernel heap. This could enable privilege escalation on Windows systems running ...
CVE-2026-10637
CVE-2026-10637 describes a use-after-free in Zephyr’s IPv6 MLD send path: after net_send_data(pkt) returns, mld_send() reads net_pkt_iface(pkt), which may point to freed memory because ownership transfers to the L2 driver and the packet is returned to the k_mem_slab. If the freed slot has been re...
CVE-2026-10636
CVE-2026-10636 affects Zephyr’s IPv4 IGMP send path (igmp_send) where net_pkt_iface(pkt) dereferences a freed net_pkt after handoff to net_send_data. The underlying cause is use-after-free: on the successful-send path the packet’s last reference may be released by the L2 driver or TX handling, ye...
CVE-2026-11317
CVE-2026-11317 affects Rockwell Automation Logix 5370 and 5570 controllers. The issue is a denial-of-service fault triggered by a crafted CIP message, with memory-constrained devices more likely to be affected. Consequences described are a major nonrecoverable fault (MNRF) requiring a program dow...
CVE-2026-53900
CVE-2026-53900 concerns Firefox for iOS. The issue: cookies set on the initial PDF request were preserved across cross-origin HTTP redirects in TemporaryDocument, enabling a malicious site to inject cookies into requests to an unrelated target domain. The CVE has a base score of 4.3 (Medium) per ...
CVE-2026-53899
CVE-2026-53899 affects Firefox for iOS. The issue arises from partial domain matching when attaching cookies to PDF requests, enabling a malicious site on a suffix domain to receive cookies belonging to the target site. The root cause is tied to how cookies were matched during PDF handling, leadi...
CVE-2026-12330
CVE-2026-12330 corresponds to an issue in the Internationalization component with incorrect boundary conditions. Public disclosures in connected advisories confirm multiple Mozilla products are affected, including Firefox ESR and Thunderbird. Debian’s advisory shows the vulnerability affecting fi...
CVE-2026-12329
CVE-2026-12329 corresponds to a memory-safety bug fixed in Firefox ESR 140.12 and Thunderbird ESR 140.12. The primary public references indicate the issue affects Thunderbird/Firefox ESR and that version 140.12.0esr-1~deb13u1 (and Thunderbird 140.12) address it. Connected advisories (Debian, RH, ...
CVE-2026-12328
CVE-2026-12328 pertains to memory safety bugs in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some bugs showed memory corruption and could potentially be exploited to run arbitrary code. Remediations are available: Firefox 152, Firefox ESR 140....
CVE-2026-12327
CVE-2026-12327 relates to memory safety bugs in Mozilla products: Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151, and Thunderbird 151. Some bugs showed evidence of memory corruption and could potentially be exploited to run arbitrary code. The issue was fixed in Firefox 152, Firefox ESR ...
CVE-2026-12326
CVE-2026-12326 is a Firefox/Thunderbird memory-safety issue affecting Firefox 151 and Thunderbird 151. The available sources indicate memory corruption that could be exploited to run arbitrary code, with a fix delivered in Firefox 152 and Thunderbird 152. The vulnerability details include affecte...
CVE-2026-12325
CVE-2026-12325 is a denial-of-service vulnerability in the Graphics: ImageLib component. Affected products include Mozilla Firefox and Thunderbird; root cause and impact are described as DoS in ImageLib. The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbir...
CVE-2026-12324
CVE-2026-12324 concerns an issue in the Graphics: CanvasWebGL component caused by incorrect boundary conditions. Public sources indicate the vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. The available documents do not provide exploit vectors ...
CVE-2026-12323
CVE-2026-12323 describes a spoofing issue in the DOM: Core & HTML component. The vulnerability affected Mozilla Firefox and Thunderbird and was fixed in Firefox 152 and Thunderbird 152. The available references confirm the DOM spoofing flaw and its patch in version 152. Practical impact is modest...
CVE-2026-12322
CVE-2026-12322 is a clickjacking vulnerability in the Gtk Widget component affecting Mozilla Firefox and Thunderbird. The issue, described across multiple sources, is due to a UI framing/embedding flaw that could enable deceptive UI interaction. Affected products were updated to mitigate the vuln...
CVE-2026-12321
Summary: CVE-2026-12321 is a JIT miscompilation in the JavaScript: WebAssembly component. Affected products: Firefox and Thunderbird (WebAssembly/JS engine). Root cause: JIT miscompilation in the WebAssembly component. Impact: Not explicitly quantified beyond miscompilation; CVSS v3.1 base score ...
CVE-2026-12320
CVE-2026-12320 affects the Password Manager component in Firefox and Thunderbird. The vulnerability enables information disclosure and is documented with a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, no privileges required, but user interaction is requi...
CVE-2026-12319
CVE-2026-12319 is a reported DoS in the Audio/Video: Playback component. Multiple connected sources confirm the issue affects Firefox and Thunderbird and that it was fixed in Firefox 152 and Thunderbird 152. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges...
CVE-2026-12318
CVE-2026-12318 concerns the Mozilla NSS Libraries component. The vulnerability is described as incorrect boundary conditions in the NSS Libraries, with the fixed versions identified as Firefox 152 and Thunderbird 152. Connected sources confirm this fix and cite Firefox/Thunderbird 152 as the reme...
CVE-2026-12317
CVE-2026-12317 is a memory-safety vulnerability fixed in Firefox 152 and Thunderbird 152. Affected products are Firefox/Thunderbird; root cause is a memory-safety bug.remediation is to upgrade to Firefox 152 / Thunderbird 152 as indicated by multiple advisories (e.g., Mozilla MFSA advisories and ...
CVE-2026-12316
CVE-2026-12316 describes a mitigation bypass in the DOM: Security component that was fixed in Mozilla Firefox 152 and Thunderbird 152. The connected documents confirm that this is a software-level patch by Mozilla, addressing a DOM-related security bypass. The vulnerability details in the public ...
CVE-2026-12315
The CVE-2026-12315 issue is a mitigation bypass in the DOM: Security component affecting Firefox and Thunderbird. According to the sources, it is fixed in Firefox 152 and Firefox ESR 140.12, as well as Thunderbird 152 and Thunderbird 140.12. The Debian/Red Hat/OSV/NVD entries corroborate a broad ...
CVE-2026-12314
CVE-2026-12314 is a memory-safety vulnerability in Mozilla Firefox/Thunderbird addressed by updates to Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. Debian’s advisory confirms Firefox ESR 140.12.0esr-1~deb13u1 fixes the issue for firefox-esr in the stable trixie packag...