Lucene search
+L
RedhatcveRecent

206772 matches found

redhatcve
redhatcve
added 2026/05/27 8:14 p.m.11 views

CVE-2026-46030

A flaw was found in the Linux kernel's EDAC/versalnet component. The mcprobe function fails to release a devicenode reference obtained from ofparsephandle. This oversight leads to a memory leak, which could potentially result in a Denial of Service DoS condition due to resource exhaustion...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.11 views

CVE-2026-46028

A flaw was found in the Linux kernel's algifaead Authenticated Encryption with Associated Data subsystem. Asynchronous async requests for AEAD operations use a shared initialization vector IV buffer. This shared state can be modified by subsequent socket activity before an async request fully...

7CVSS5.8AI score0.00123EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.16 views

CVE-2026-46029

A flaw was found in the Linux kernel. In uniprocessor UP kernel configurations, a race condition can occur within the slab memory allocator when kmallocnolock is invoked from a Non-Maskable Interrupt NMI context. This allows the allocator to attempt to acquire a spinlock that is already held,...

7CVSS5.8AI score0.00147EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.15 views

CVE-2026-9568

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

5.1CVSS5.2AI score0.00219EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.15 views

CVE-2026-9484

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroomid can lead to improper authorization...

6.5CVSS6.4AI score0.00272EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.12 views

CVE-2026-9472

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

6.5CVSS6.3AI score0.00337EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.17 views

CVE-2026-9394

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

3.1CVSS5.2AI score0.00192EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.11 views

CVE-2026-9342

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.11 views

CVE-2026-9579

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.20 views

CVE-2026-9527

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

5.3CVSS4.4AI score0.00336EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.11 views

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

6.5CVSS6.5AI score0.01803EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.13 views

CVE-2025-68709

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

5.2CVSS6AI score0.00177EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.13 views

CVE-2026-9400

A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument subdir can lead to command injection. It is possible to launch the attack remotely. The...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.19 views

CVE-2026-9412

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.13 views

CVE-2026-9424

A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulation of the argument...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.12 views

CVE-2026-9418

A flaw has been found in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /changepassemp.php. Executing a manipulation of the argument ID can lead to cross site scripting. The attack may be performed from remote. The exploit has...

5.3CVSS4.1AI score0.00263EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.17 views

CVE-2026-9379

A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argument pinCode causes command injection. The attack can be initiated remotely. The exploit has been ma...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.12 views

CVE-2026-9301

A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be use...

6.5CVSS6AI score0.00228EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.18 views

CVE-2026-9366

A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function scancontextcontent of the file agent/promptbuilder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The...

7.5CVSS6.7AI score0.00305EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.15 views

CVE-2026-9354

A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument formatmessage results in escaping of output. The attack can be executed remotely. The exploit is n...

6.9CVSS6.3AI score0.00336EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.11 views

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.14 views

CVE-2026-9573

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS7AI score0.00259EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.14 views

CVE-2026-48135

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

5.3CVSS5.8AI score0.02607EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:14 p.m.13 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.13 views

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.13 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.13 views

CVE-2026-48593

Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

5.9CVSS5.8AI score0.00341EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.13 views

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS5.8AI score0.00286EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.15 views

CVE-2026-42335

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

6.3CVSS5.8AI score0.00232EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.12 views

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.14 views

CVE-2026-48592

Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

5.3CVSS6AI score0.0041EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.20 views

CVE-2026-24198

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of...

5.6CVSS5.8AI score0.00155EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.12 views

CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

6.5CVSS5.8AI score0.0016EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.17 views

CVE-2026-9478

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performe...

10CVSS7AI score0.01909EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.15 views

CVE-2025-14688

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.19 views

CVE-2026-24201

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure...

5.8CVSS5.8AI score0.00143EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.13 views

CVE-2026-9360

A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely...

9CVSS7.8AI score0.00445EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.15 views

CVE-2026-9406

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

10CVSS7AI score0.01732EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.13 views

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6AI score0.0062EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.11 views

CVE-2026-41164

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.15 views

CVE-2026-24199

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service...

4.7CVSS5.8AI score0.00092EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.16 views

CVE-2025-33221

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

6CVSS5.8AI score0.00175EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.15 views

CVE-2026-44451

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

9.3CVSS5.7AI score0.0023EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.10 views

CVE-2026-24182

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service...

6.5CVSS5.8AI score0.00125EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.17 views

CVE-2025-36122

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.16 views

CVE-2025-36126

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting XSS in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...

7.6CVSS5.8AI score0.00185EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.12 views

CVE-2026-8855

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

9.8CVSS6.5AI score0.00456EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.15 views

CVE-2026-9385

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be...

10CVSS7AI score0.01732EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.18 views

CVE-2026-9348

A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The explo...

9CVSS7.7AI score0.00445EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.14 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References1
Total number of security vulnerabilities206772