Lucene search
K
RedhatcveRecent

206304 matches found

RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•12 views

CVE-2026-8833

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

8.5CVSS5.2AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•12 views

CVE-2026-11522

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

9CVSS6.3AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•10 views

CVE-2026-7186

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5CVSS5.2AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•10 views

CVE-2026-49235

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS5.4AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•11 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.6AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•11 views

CVE-2026-49186

The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•11 views

CVE-2026-11503

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...

9CVSS6.2AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•11 views

CVE-2026-11517

A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly...

9CVSS6.1AI score0.006EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•10 views

CVE-2026-11501

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

7.5CVSS5.4AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•10 views

CVE-2026-11504

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer...

9CVSS6.2AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 p.m.•11 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 p.m.•14 views

CVE-2026-11505

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

5CVSS5AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 p.m.•11 views

CVE-2026-11506

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

6.5CVSS5.3AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 1:41 p.m.•10 views

CVE-2026-46323

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

7.8CVSS5.4AI score0.00129EPSS
Exploits0References10
RedhatCVE
RedhatCVE
•added 2026/06/09 11:54 a.m.•14 views

CVE-2026-46739

A flaw was found in perl-Net-Statsd. This vulnerability allows an attacker to inject additional statsd metrics due to insufficient validation of metric names and values. Specifically, the software does not properly check for newlines, colons, or pipes in metric names, nor does it ensure that valu...

5.3CVSS5.3AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/09 11:41 a.m.•9 views

CVE-2026-46315

A flaw was found in the Linux kernel's iouring subsystem, specifically within the IORINGOPWAITID operation. This vulnerability occurs because the waitid information structure is not properly initialized before being copied to userspace. A local user could exploit this to expose stale data from...

5.5CVSS5.4AI score0.00156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/09 9:36 a.m.•16 views

CVE-2026-52903

A deserialization of untrusted data vulnerability was found in ManageIQ. The YamlLoadAliases module overrides YAML.safeload to silently fall back to YAML.unsafeload in production when a Psych::DisallowedClass error occurs. An authenticated attacker with dialog import access can exploit this to...

8.8CVSS6.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/09 9:33 a.m.•17 views

CVE-2026-52902

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.5AI score0.00121EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•11 views

CVE-2026-11494

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly...

5.3CVSS5.1AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•13 views

CVE-2026-11495

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/addstock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

6.5CVSS6.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•13 views

CVE-2026-41724

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•13 views

CVE-2026-11490

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

7.5CVSS7AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•11 views

CVE-2026-11497

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...

8.8CVSS5.4AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•12 views

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS3.7AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•12 views

CVE-2026-11492

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

8.8CVSS5.1AI score0.00511EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•11 views

CVE-2026-11493

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...

5CVSS5AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•11 views

CVE-2026-41722

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•11 views

CVE-2026-41723

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•11 views

CVE-2026-11482

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS7.1AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•12 views

CVE-2026-11489

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•14 views

CVE-2026-11488

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•13 views

CVE-2026-11498

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

9CVSS8.2AI score0.03799EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•12 views

CVE-2026-11499

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote...

10CVSS8.5AI score0.06561EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•11 views

CVE-2026-11486

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. Remote exploitation of the attack is possible. The...

7.5CVSS7.1AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•12 views

CVE-2026-11485

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly...

7.5CVSS7AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•12 views

CVE-2026-11484

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS7AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 8:59 a.m.•11 views

CVE-2026-11483

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in sql injection. The attack can be launched remotely. The exploit has been released to the public a...

7.5CVSS7AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:59 a.m.•14 views

CVE-2026-36786

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00415EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•12 views

CVE-2026-11480

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS6.2AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•13 views

CVE-2026-11476

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•17 views

CVE-2026-11477

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

5.3CVSS5.1AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•12 views

CVE-2026-11469

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•17 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.6AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•13 views

CVE-2026-11461

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•12 views

CVE-2026-11471

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

7.5CVSS7AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•14 views

CVE-2026-11462

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper...

7.5CVSS6.8AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•11 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•13 views

CVE-2026-36789

Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•12 views

CVE-2026-11481

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument contenthash can lead to use of weak hash. T...

2.5CVSS4.5AI score0.00082EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/09 2:58 a.m.•15 views

CVE-2026-11478

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS4.8AI score0.00113EPSS
Exploits0References1
Total number of security vulnerabilities206304