Lucene search
K

364500 matches found

NVD
NVD
added 2026/06/12 3:16 p.m.19 views

CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 3:16 p.m.14 views

CVE-2026-47131

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call.lookupGetter, Buffer, "proto", Buffer.call.call.lookupSetter, Buffer, "proto", and Node.js's ERRINVALIDARGTYPE Error, the host's TypeError constructor can be obtained, which allows the escape from...

10CVSS0.004EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 3:16 p.m.14 views

CVE-2026-45536

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has...

4CVSS0.00136EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 3:16 p.m.14 views

CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

7.5CVSS0.00371EPSS
Exploits0References7
NVD
NVD
added 2026/06/12 3:16 p.m.18 views

CVE-2026-45674

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

10CVSS0.00224EPSS
Exploits0References11
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-44894

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS0.00143EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 3:16 p.m.11 views

CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS0.00594EPSS
Exploits0References12
NVD
NVD
added 2026/06/12 3:16 p.m.15 views

CVE-2026-45416

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5CVSS0.00461EPSS
Exploits0References12
NVD
NVD
added 2026/06/12 3:16 p.m.11 views

CVE-2026-41581

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via getbloglist. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-44205

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...

6.9CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 3:16 p.m.18 views

CVE-2026-10557

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

9.8CVSS0.00353EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 2:16 p.m.12 views

CVE-2026-54102

Rejected reason: Reserved but no longer needed...

Exploits0
NVD
NVD
added 2026/06/12 2:16 p.m.12 views

CVE-2026-54101

Rejected reason: Reserved but no longer needed...

Exploits0
NVD
NVD
added 2026/06/12 2:16 p.m.13 views

CVE-2026-49993

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...

5.9CVSS0.0028EPSS
Exploits1References5
NVD
NVD
added 2026/06/12 2:16 p.m.11 views

CVE-2026-47200

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled default in Nuxt 4, any...

6.3CVSS0.0023EPSS
Exploits1References2
NVD
NVD
added 2026/06/12 2:16 p.m.15 views

CVE-2026-46342

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

5.4CVSS0.00091EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 2:16 p.m.16 views

CVE-2026-45670

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

5.9CVSS0.00208EPSS
Exploits1References3
NVD
NVD
added 2026/06/12 2:16 p.m.13 views

CVE-2026-45669

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

5.4CVSS0.00164EPSS
Exploits1References2
NVD
NVD
added 2026/06/12 2:16 p.m.13 views

CVE-2026-12065

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

1.8CVSS0.00106EPSS
Exploits0References7
NVD
NVD
added 2026/06/12 2:16 p.m.13 views

CVE-2026-11967

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS0.00108EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 2:16 p.m.16 views

CVE-2026-1836

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

5.3CVSS0.00105EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 2:16 p.m.12 views

CVE-2026-12066

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS0.00288EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 2:16 p.m.15 views

CVE-2026-11879

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

8.5CVSS0.00108EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 2:16 p.m.12 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS0.00319EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 1:16 p.m.13 views

CVE-2026-49347

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 1:16 p.m.15 views

CVE-2026-48485

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

2.1CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 1:16 p.m.15 views

CVE-2026-47196

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 1:16 p.m.17 views

CVE-2026-47197

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

7.2CVSS0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 1:16 p.m.13 views

CVE-2026-47195

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 11:16 a.m.17 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS0.0007EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 11:16 a.m.13 views

CVE-2026-11848

The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information...

7.9CVSS0.00297EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 11:16 a.m.11 views

CVE-2026-11849

The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database...

9.8CVSS0.0035EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.14 views

CVE-2026-50631

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

7.4CVSS0.00294EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.11 views

CVE-2026-50645

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...

7.5CVSS0.0046EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-50634

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted Content-Type or protected HTTP-header metadata came from a verified...

6.5CVSS0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.13 views

CVE-2026-50632

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

8.8CVSS0.00646EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 10:16 a.m.13 views

CVE-2026-50633

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...

8.1CVSS0.00782EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 10:16 a.m.15 views

CVE-2026-50623

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

4.8CVSS0.00371EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.10 views

CVE-2026-50630

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

6.5CVSS0.00404EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-50629

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3CVSS0.0047EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.14 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-50627

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

9.1CVSS0.00418EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-49875

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

9.8CVSS0.00485EPSS
Exploits0References7
NVD
NVD
added 2026/06/12 10:16 a.m.16 views

CVE-2026-50628

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

9.8CVSS0.00629EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 10:16 a.m.14 views

CVE-2026-11844

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope...

6.9CVSS0.00407EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.9 views

CVE-2026-11846

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

8.1CVSS0.00401EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.11 views

CVE-2026-11845

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

8.6CVSS0.00951EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.11 views

CVE-2026-11847

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths...

5.3CVSS0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 9:16 a.m.12 views

CVE-2026-12058

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed...

5.3CVSS0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 9:16 a.m.17 views

CVE-2026-11535

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device...

9.4CVSS0.00151EPSS
Exploits0References1
Total number of security vulnerabilities364500