Lucene search
K

364822 matches found

NVD
NVD
added 2026/06/09 5:17 p.m.18 views

CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

7.5CVSS0.00513EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-33113

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

6.1CVSS0.00522EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-32193

Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally...

8.8CVSS0.00336EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-28301

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-26142

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...

9.8CVSS0.01914EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.15 views

CVE-2026-24180

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

7.3CVSS0.00154EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:17 p.m.13 views

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

7.3CVSS0.00139EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-22926

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...

7.8CVSS0.00132EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.14 views

CVE-2026-0419

Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...

8CVSS0.00289EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-0420

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle MiTM style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...

8.2CVSS0.00135EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:16 p.m.11 views

CVE-2026-0418

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...

6.8CVSS0.00245EPSS
Exploits0References36
NVD
NVD
added 2026/06/09 5:16 p.m.16 views

CVE-2026-0415

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS0.00229EPSS
Exploits0References14
NVD
NVD
added 2026/06/09 5:16 p.m.11 views

CVE-2026-0416

An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router...

6.8CVSS0.0018EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:16 p.m.12 views

CVE-2026-0417

Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity...

6.8CVSS0.00229EPSS
Exploits0References28
NVD
NVD
added 2026/06/09 5:16 p.m.12 views

CVE-2026-0411

An information disclosure vulnerability in the NETGEAR Orbi satellites RBR/RBE/RBS Series could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not...

8CVSS0.00278EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 5:16 p.m.12 views

CVE-2026-0413

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS0.00323EPSS
Exploits0References15
NVD
NVD
added 2026/06/09 5:16 p.m.23 views

CVE-2026-0412

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

6.8CVSS0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:16 p.m.13 views

CVE-2026-0414

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:16 p.m.17 views

CVE-2026-0409

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

7.5CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:16 p.m.14 views

CVE-2026-0410

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...

5.7CVSS0.00219EPSS
Exploits0References20
NVD
NVD
added 2026/06/09 4:16 p.m.15 views

CVE-2026-8025

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...

9.8CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 4:16 p.m.12 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS0.00233EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 4:16 p.m.18 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS0.0029EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 4:16 p.m.12 views

CVE-2026-49938

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...

6.5CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 4:16 p.m.33 views

CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS0.23393EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 4:16 p.m.14 views

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

7.8CVSS0.00151EPSS
Exploits1References1
NVD
NVD
added 2026/06/09 4:16 p.m.15 views

CVE-2026-24065

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier PID to verify code-signing identity. Because process identifiers can be reuse...

8.1CVSS0.00323EPSS
Exploits1References2
NVD
NVD
added 2026/06/09 4:16 p.m.13 views

CVE-2025-67862

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...

6.7CVSS0.00144EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 4:16 p.m.26 views

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS0.99041EPSS
Exploits6References3
NVD
NVD
added 2026/06/09 4:16 p.m.10 views

CVE-2026-10727

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...

7.2CVSS0.01634EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 4:16 p.m.9 views

CVE-2026-10523

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

9.9CVSS0.4719EPSS
Exploits4References1
NVD
NVD
added 2026/06/09 2:16 p.m.13 views

CVE-2026-9279

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...

8.7CVSS0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 2:16 p.m.20 views

CVE-2026-7486

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2...

9.8CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 2:16 p.m.14 views

CVE-2026-52906

In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb "9p: convert to the new mount API", v9fsapplyoptions applies parsed mount flags with |= onto flags already set by v9fssessioninit. For 9P2000.L,...

7.7CVSS0.00121EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 2:16 p.m.13 views

CVE-2026-52907

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from vs = to avoid accessing one element beyond the end of the arrays. While at it, use ARRAYSIZE instead of the MAX enum values. fix cosmetic issues...

7.8CVSS0.00112EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 2:16 p.m.28 views

CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS0.00152EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.18 views

CVE-2026-52904

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkmdevice leak on aperture removal failure When apertureremoveconflictingpcidevices fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcine...

5.5CVSS0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.13 views

CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

5.5CVSS0.00112EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 2:16 p.m.18 views

CVE-2026-47899

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS0.00137EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 2:16 p.m.13 views

CVE-2026-47901

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

4.6CVSS0.00139EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 2:16 p.m.15 views

CVE-2026-47900

Logseq is vulnerable to a stored cross-site scripting XSS. A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the execution of arbitrary code in the privileged host context...

4.6CVSS0.00139EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 2:16 p.m.38 views

CVE-2026-46325

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...

9.8CVSS0.00347EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 2:16 p.m.15 views

CVE-2026-46326

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...

8.4CVSS0.00132EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.15 views

CVE-2026-46328

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the code so its clear when what code is setting the limit and conditionally update the posix cpu timers wh...

7.3CVSS0.00114EPSS
Exploits0References8
NVD
NVD
added 2026/06/09 2:16 p.m.19 views

CVE-2026-46327

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dmsuspendedmd The function dmblkreportzones tests if the device is suspended with the "dmsuspendedmd" call. However, this function is called without holding any locks, so the device may be suspended just...

7.8CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.15 views

CVE-2026-46330

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an acti...

7.8CVSS0.00112EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 2:16 p.m.16 views

CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

5.5CVSS0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.17 views

CVE-2026-46332

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352bootloaderrx appends each serdev chunk into the fixed rxbuffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may recei...

8CVSS0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.17 views

CVE-2026-11792

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS0.00258EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 2:16 p.m.15 views

CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS0.00291EPSS
Exploits0References2
Total number of security vulnerabilities364822