Lucene search
K

364113 matches found

NVD
NVD
•added 2026/06/16 8:16 p.m.•13 views

CVE-2026-22312

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...

8.6CVSS0.00232EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-22313

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS0.00921EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-11890

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

4.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-12105

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

6.5CVSS0.00201EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•12 views

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

4.3CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•10 views

CVE-2026-0165

In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

5.7CVSS0.00171EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•10 views

CVE-2026-0157

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS0.00169EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•16 views

CVE-2026-0162

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00231EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•12 views

CVE-2026-0158

In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS0.0006EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-10303

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0155

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS0.00169EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•10 views

CVE-2026-0154

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00231EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0164

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00231EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•13 views

CVE-2026-0160

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00231EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•12 views

CVE-2026-0161

In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00231EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0156

In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•11 views

CVE-2026-0145

In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS0.00068EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0149

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00285EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0151

In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00231EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•17 views

CVE-2026-0153

In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00068EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0143

In lwisdeviceexternaleventemit of lwisevent.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00073EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•12 views

CVE-2026-0152

In OSMMapPMRGeneric of pmros.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS0.00071EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0148

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00277EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0147

In mfccorenalqgetdecmetadataseinal of mfccorenalq.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00277EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•10 views

CVE-2026-0146

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00277EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0150

In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00067EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0144

In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0140

In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

4.3CVSS0.00178EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•20 views

CVE-2026-0139

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00277EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0141

In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS0.002EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•10 views

CVE-2026-0136

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•10 views

CVE-2026-0135

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00103EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•17 views

CVE-2026-0133

In smmuattachdev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00067EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0142

In iavbparsekeydata of avbrsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS0.00069EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0138

In lwisiobufferwrite of lwisiobuffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00073EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0134

In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS0.00072EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•10 views

CVE-2026-0137

In edgetpusyncfencegroupshutdown of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00073EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•12 views

CVE-2026-0132

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00285EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•12 views

CVE-2026-0131

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS0.00072EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0127

In NrmmMsgCodec::DecodeUPUTransparentContext of cnNrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed fo...

6.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0130

In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

3.5CVSS0.00173EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•9 views

CVE-2026-0129

In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

3.5CVSS0.00168EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•8 views

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00277EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•7 views

CVE-2026-0125

In multiple functions of vpuioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7CVSS0.00067EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 8:16 p.m.•10 views

CVE-2026-0128

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

6.5CVSS0.00182EPSS
Exploits0References1
NVD
NVD
•added 2026/06/16 7:17 p.m.•10 views

CVE-2026-53866

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision,...

8.1CVSS0.0026EPSS
Exploits0References2
NVD
NVD
•added 2026/06/16 7:17 p.m.•14 views

CVE-2026-53864

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious...

8.1CVSS0.00246EPSS
Exploits0References2
NVD
NVD
•added 2026/06/16 7:17 p.m.•10 views

CVE-2026-53865

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by...

7.2CVSS0.00119EPSS
Exploits0References2
NVD
NVD
•added 2026/06/16 7:17 p.m.•11 views

CVE-2026-53862

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits...

5.4CVSS0.00088EPSS
Exploits0References2
NVD
NVD
•added 2026/06/16 7:17 p.m.•12 views

CVE-2026-53861

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command...

9.8CVSS0.0024EPSS
Exploits0References2
Total number of security vulnerabilities364113