Lucene search
K
RedhatcveRecent

206676 matches found

RedhatCVE
RedhatCVE
•added 2026/06/04 12:9 a.m.•20 views

CVE-2026-26824

A flaw was found in libxls. This vulnerability, a use of uninitialized memory, occurs in the OLE container parser when processing a specially crafted XLS file. An attacker could exploit this by providing a malicious XLS file, which may lead to application crashes or the potential disclosure of...

6.5CVSS5.6AI score0.00228EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•19 views

CVE-2026-35718

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...

6.5CVSS5.8AI score0.00723EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•15 views

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

9.8CVSS5.8AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•12 views

CVE-2026-33553

Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS...

6.1CVSS5.8AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•13 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•16 views

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

8.8CVSS6.4AI score0.00523EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•14 views

CVE-2026-10295

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•11 views

CVE-2025-22424

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS5.9AI score0.00088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•16 views

CVE-2026-10215

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...

5.3CVSS5.3AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•13 views

CVE-2026-10221

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•17 views

CVE-2026-10209

A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out...

6.5CVSS6.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•13 views

CVE-2026-10252

A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /managetenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•16 views

CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•11 views

CVE-2026-10284

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

5.5CVSS5.8AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•12 views

CVE-2026-30586

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

6.1CVSS5.8AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•14 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•15 views

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS6.7AI score0.27546EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•13 views

CVE-2026-10115

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•15 views

CVE-2025-64390

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

7.4CVSS5.8AI score0.00085EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•15 views

CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

7.5CVSS6.9AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•15 views

CVE-2026-42849

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...

9.3CVSS5.7AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 10:1 p.m.•16 views

CVE-2026-10122

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocolname leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has...

9CVSS7.6AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/03 9:51 p.m.•14 views

CVE-2026-48587

A flaw was found in Django. Remote attackers can exploit this vulnerability due to django.utils.cache.hasvaryheader not properly stripping whitespace from Vary response header values. This allows an attacker to read cached responses by sending requests to URLs with whitespace-padded Vary header...

5.3CVSS5.6AI score0.00354EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/03 9:51 p.m.•16 views

CVE-2026-8404

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component does not correctly process Cache-Control response directives when they use uppercase or mixed-case values. This vulnerability allows a remote attacker to read responses that should not have been cached, leadin...

5.3CVSS5.7AI score0.00285EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/03 9:51 p.m.•17 views

CVE-2026-35193

A flaw was found in Django. This vulnerability allows a remote attacker to read private cached responses. This occurs because the UpdateCacheMiddleware in Django does not correctly add the Authorization header to the Vary response header for requests that include an Authorization header but lack...

3.1CVSS5.7AI score0.00359EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/03 9:51 p.m.•12 views

CVE-2026-7666

A flaw was found in Django. An on-path network attacker could exploit a vulnerability in django.core.mail.backends.smtp.EmailBackend where a partially-initialized connection is reused after a failed STARTTLS handshake when failsilently=True. This could allow the attacker to intercept and read ema...

3.1CVSS5.6AI score0.0015EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/03 9:51 p.m.•11 views

CVE-2026-6873

A flaw was found in Django. A remote attacker could exploit a non-injective salt derivation in django.http.HttpRequest.getsignedcookie by crafting specific cookie name and salt argument pairs. This vulnerability allows the attacker to use a signed cookie in a different context than intended,...

4.3CVSS5.7AI score0.00245EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/03 9:47 p.m.•15 views

CVE-2026-5241

A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...

9.6CVSS7.6AI score0.00531EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2026/06/03 9:23 p.m.•14 views

CVE-2026-3276

A flaw was found in the unicodedata.normalize function in Python. This vulnerability allows a remote attacker to cause excessive CPU consumption by providing specially crafted Unicode input. Successful exploitation can lead to a Denial of Service DoS on the affected system. Mitigation Mitigation...

6.3CVSS5.7AI score0.00492EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/03 8:40 p.m.•12 views

CVE-2026-46258

A flaw was found in the Linux kernel's gpio: cdev module. A NULL pointer dereference in the linehandlecreate function can occur, leading to a system crash. This vulnerability could allow a local attacker to cause a Denial of Service DoS...

5.5CVSS5.8AI score0.001EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 8:40 p.m.•10 views

CVE-2026-41999

Incorrect Behaviour of Views with TCP PROXY Requests...

4.8CVSS5.4AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/03 8:30 p.m.•11 views

CVE-2026-46245

A flaw was found in the Linux kernel's AMD GPU display driver. The amdgpudmhpdinit function, responsible for Hot-Plug Detect HPD initialization, may attempt to dereference a null dclink when handling certain connectors. This unconditional dereference can lead to a system crash, allowing a local...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 8:29 p.m.•10 views

CVE-2026-46260

A flaw was found in the Linux kernel's IPv6 networking subsystem. This vulnerability, an out-of-bound read, occurs during the creation of an IPv6 route with specific parameters. A local attacker could exploit this flaw to cause memory corruption, potentially leading to system instability or a...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 8:29 p.m.•11 views

CVE-2026-46273

A flaw was found in the Linux kernel's ibmveth driver. This vulnerability occurs when physical adapters on Power systems attempt to perform Generic Segmentation Offload GSO with a Maximum Segment Size MSS less than 224 bytes. A remote attacker could exploit this by sending specially crafted netwo...

8.6CVSS5.8AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 8:12 p.m.•9 views

CVE-2026-46254

A flaw was found in the Linux kernel's AppArmor security module. This vulnerability arises when AppArmor processes unaligned Deterministic Finite Automaton DFA tables, which can originate from either kernel or userspace. The unaligned memory access triggered by these tables can lead to system...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 8:12 p.m.•10 views

CVE-2026-46250

A flaw was found in the Linux kernel, specifically affecting the MIPS architecture when compiled with LLVM. This vulnerability occurs because LLVM incorrectly restores the $gp register, which is used as a global register variable, after it has been intentionally modified during kernel relocation...

7.3CVSS5.7AI score0.00128EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 8:5 p.m.•9 views

CVE-2026-46271

A flaw was found in the Linux kernel's ath12k Wi-Fi driver. When a multi-link connection is active, the firmware incorrectly enables Wake-on-Wireless WoW offloads on both primary and secondary links. This misconfiguration can lead to a firmware crash on WCN7850 devices, resulting in a Denial of...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 8:5 p.m.•9 views

CVE-2026-46268

A flaw was found in the Linux kernel's PCI/P2PDMA subsystem. Specifically, a warning condition in the p2pmemallocmmap function can be triggered due to an incorrect page reference count assertion. This issue occurs when the CONFIGDEBUGVM option is enabled, leading to kernel warning messages. While...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:56 p.m.•10 views

CVE-2026-46244

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nftinner module. This vulnerability arises from an incorrect handling of IPv6 inner packet processing, where the transport header offset innerthoff becomes desynchronized from the Layer 4 protocol l4proto. A remot...

9.1CVSS5.8AI score0.00322EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:56 p.m.•12 views

CVE-2026-46262

A flaw was found in the Linux kernel's audio subsystem, specifically in the fslxcvr module. This vulnerability allows a local user to trigger a deadlock condition within the system. By attempting to acquire a read lock while already holding a write lock in the same process, the system can become...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:48 p.m.•9 views

CVE-2026-46270

A flaw was found in the Linux kernel's power supply driver, specifically in the rt9455 component. This vulnerability, a use-after-free, occurs due to a race condition during the system's shutdown process where an interrupt can access memory that has already been released. This can lead to system...

8.4CVSS5.8AI score0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:47 p.m.•10 views

CVE-2026-46269

A flaw was found in the Linux kernel's k230 pinctrl driver. During the probing process, a NULL pointer dereference can occur when parsing the devicetree. This vulnerability allows a local attacker to trigger a system crash, leading to a Denial of Service DoS. The issue arises from attempting to...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:41 p.m.•9 views

CVE-2026-46266

A flaw was found in the Linux kernel's handling of RAW sockets using IPPROTORAW. A remote attacker could send a specially crafted ICMP Internet Control Message Protocol packet. This malicious packet could set the protocol field to 255, causing it to be processed by a RAW socket configured for...

9.1CVSS5.8AI score0.00346EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:37 p.m.•11 views

CVE-2026-46256

A flaw was found in the Linux kernel, specifically within the NFS Network File System LOCALIO optimization. This vulnerability allows for a recursion deadlock to occur during direct reclaim operations. When LOCALIO attempts to write pages back into NFS via nfswritepages, it can lead to a system...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:36 p.m.•11 views

CVE-2026-46252

A flaw was found in the Linux kernel's regulator core. Incorrect handling of locking in the regulatorresolvesupply function's error path can trigger a lockdep warning. This issue may allow for concurrent access problems, potentially leading to system instability or a denial of service DoS conditi...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:34 p.m.•9 views

CVE-2026-46264

A flaw was found in the Linux kernel's drm/xe/pf component. This vulnerability arises during the initialization of the sysfs interface, where an error in devmaddactionorreset can cause a cleanup action to execute on an uninitialized kernel object. This can lead to a use-after-free condition, whic...

8.8CVSS5.9AI score0.00112EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:34 p.m.•8 views

CVE-2026-46247

A flaw was found in the Linux kernel's GFX3D clock driver. This vulnerability can lead to a system crash when the GFX3D clock rate is being determined. The issue stems from an incorrect parent map that fails to provide the necessary clock information, resulting in a Denial of Service DoS for the...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/03 7:32 p.m.•11 views

CVE-2026-45614

A flaw was found in OP-TEE Trusted Execution Environment. This vulnerability allows a local attacker to reconstruct the private key by providing approximately 30-40 specially crafted public keys during the Elliptic Curve Diffie-Hellman ECDH shared secret generation. The system fails to verify if...

4.7CVSS5.7AI score0.00096EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2026/06/03 7:32 p.m.•11 views

CVE-2026-45702

A flaw was found in OP-TEE OS, a Trusted Execution Environment TEE for Arm Cortex-A cores. A type confusion vulnerability exists when OP-TEE OS processes an FFAMEMSHARE request from the normal world. This flaw can be exploited by a local attacker with high privileges when OP-TEE is configured as ...

5.5CVSS5.8AI score0.00155EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2026/06/03 7:28 p.m.•9 views

CVE-2026-46246

A flaw was found in the Linux kernel's pm8916lbc power supply driver. A race condition during device removal can cause a 'use-after-free' vulnerability, where the system attempts to access memory that has already been deallocated. This can lead to system instability, including crashes, effectivel...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4
Total number of security vulnerabilities206676