365341 matches found
CVE-2026-9653
A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can exploit this by sending crafted packets to continuously disrupt device connections, though device...
CVE-2026-8590
Vulnerability in Spotfire Spotfire Enterprise Spotfire Server modules, Spotfire Spotfire Enterprise with External Consumers Spotfire Server modules, Spotfire Spotfire on Kubernetes Spotfire Server modules. This issue affects Spotfire Enterprise: through 14.0.12, through 14.4.2, through 14.5.0,...
CVE-2026-9140
A denial-of-service security issue exists in the 1719-AENTR. The security issue stems from improper handling of a UDP unicast network storm, which causes the device to become overloaded and lose communication. A power cycle is required to recover...
CVE-2026-60114
Sustainable Irrigation Platform SIP through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths...
CVE-2026-58479
Sustainable Irrigation Platform SIP through version 5.2.16 contains a command injection vulnerability in the optional clicontrol plugin that allows unauthenticated or cross-site request forgery attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin'...
CVE-2026-58476
Sustainable Irrigation Platform SIP through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSR...
CVE-2026-58478
Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...
CVE-2026-58477
Sustainable Irrigation Platform SIP through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to...
CVE-2026-58475
Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...
CVE-2026-51105
Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 allows a remote attacker to cause a denial of service via the OPSERVERMESSAGE Handler...
CVE-2026-52837
Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at /index.php/booking/reschedule/appointmenthash handled by Booking::index embeds the entire customer record as inline JavaScript const vars = ... "customerdata": ...,...
CVE-2026-15736
Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...
CVE-2026-15696
A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2026-15694
A vulnerability was detected in Tenda BE12 Pro 16.03.66.23. Impacted is the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2026-15695
A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may ...
CVE-2026-14903
Path traversal in Ivanti Xtraction before version 2026.2.1 allows a remote authenticated attacker to read arbitrary files outside the web root...
CVE-2026-15265
A path traversal vulnerability in Tenable Agent 11.2.0 and 11.1.3 and lower allows a privileged attacker to write arbitrary files outside the intended plugin directory, potentially leading to remote code execution...
CVE-2026-14902
An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated attacker to redirect users to arbitrary external URLs...
CVE-2026-10714
A security issue exists within FactoryTalk® Services Platform FTSP, allowing an attacker to bypass JWT signature validation during Okta Web Authentication. The vulnerability stems from the application not verifying that the JWT algorithm is configured for RSA, enabling an attacker to set the...
CVE-2026-10573
A denial-of-service security issue exists in 1734 POINT I/O™ module. The security issue stems from improper handling of crafted CIP messages, which can cause the module to enter a faulted state. A restart is required to recover...
CVE-2026-10669
On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...
CVE-2026-10671
In Zephyr's kernel pipe implementation, the userspace syscall verifier zvrfykpipeinit in kernel/pipe.c used KSYSCALLOBJ which requires the kernel object to already be initialized instead of KSYSCALLOBJNEVERINIT which rejects an already-initialized object. As a result, on CONFIGUSERSPACE builds an...
CVE-2026-10670
The CONFIGUSERSPACE verification handler for the kthreadnamecopy system call zvrfykthreadnamecopy in kernel/thread.c calls kobjectfind on the caller-supplied thread pointer and then dereferences the returned struct kobject without checking it for NULL. kobjectfind returns NULL whenever the suppli...
CVE-2026-10672
subsys/net/lib/lwm2m/lwm2mpullcontext.c copied the firmware-update Package URI into a fixed static buffer context.uri, size CONFIGLWM2MSWMGMTPACKAGEURILEN, default 128 with memcpycontext.uri, uri, LWM2MPACKAGEURILEN, copying exactly the destination size with no length validation. The...
CVE-2025-12012
A denial-of-service issue exists in 5380/5480/5580 controllers. This vulnerability could potentially allow a malicious user to write invalid file data to the controller, causing the device to enter a major non-recoverable fault MNRF...
CVE-2025-12011
A denial-of-service issue exists in 5370/5570 controllers. This vulnerability could potentially allow a remote user to load an invalid project, causing the device to enter a major non-recoverable fault MNRF...
CVE-2026-53566
Out-of-bounds read vulnerability in Citrix Citrix Secure Access Client for Windows. This issue affects Citrix Secure Access Client for Windows: before 26.6.1.20...
CVE-2026-15693
A security vulnerability has been detected in Tenda BE12 Pro 16.03.66.23. This issue affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...
CVE-2026-8314
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the siman.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...
CVE-2026-8085
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the model.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...
CVE-2026-8313
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the linker.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...
CVE-2026-8312
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the expmt.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...
CVE-2026-62390
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Kylin. A backend API refreshing table catalog may cause the injection to the generated SQL. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version...
CVE-2026-62393
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to...
CVE-2026-62392
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...
CVE-2026-53565
Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows. This issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7...
CVE-2026-49488
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OpenMeetings. This issue affects Apache OpenMeetings: from 5.0.0 before 9.1.0. An attacker with moderator rights in any room can read arbitrary files accessible to the OS account running the OM...
CVE-2026-15719
We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6...
CVE-2026-15692
A weakness has been identified in Tenda BE12 Pro 16.03.66.23. This vulnerability affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit ha...
CVE-2026-15718
We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6...
CVE-2026-15691
A security flaw has been discovered in Tenda BE12 Pro 16.03.66.23. This affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...
CVE-2026-15305
Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties...
CVE-2026-12588
An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger decompression of a large file that consumes an excessive amount of system resources thus causing a Denial of Service...
CVE-2026-10577
A security issue exists within the 1715-AENTR EtherNet/IP Adapter. The affected product exposes a network-accessible debug port that does not enforce proper privilege controls, allowing unauthenticated remote access to intrusive command-line interface CLI commands. If exploited, a threat actor...
CVE-2026-9341
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.0 via the 'savelessonnote', 'getlessonnote', and 'completelessonvideo' AJAX handlers due to missing validation on...
CVE-2026-15690
A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/uaclientconnect.c of the component Shared Client Library. Such manipulation of the argument ServerNamespaceArray leads to null pointer dereference. Th...
CVE-2026-62422
In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...
CVE-2026-15389
A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...
CVE-2026-56451
A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...
CVE-2026-58319
Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...