Lucene search
K
RedhatcveRecent

206309 matches found

RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•8 views

CVE-2026-10872

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

8.6CVSS6.8AI score0.02635EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•10 views

CVE-2026-20245

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

7.8CVSS6.3AI score0.25323EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•10 views

CVE-2026-44983

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

7.3CVSS5.9AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•10 views

CVE-2026-10873

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

8.6CVSS6.8AI score0.02695EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•11 views

CVE-2025-8873

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

8.7CVSS5.5AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•9 views

CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

8.6CVSS6.7AI score0.02199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•9 views

CVE-2026-10586

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

7.2CVSS5.6AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•8 views

CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1CVSS5.4AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•12 views

CVE-2026-48579

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network...

9.1CVSS5.4AI score0.01015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•11 views

CVE-2026-44209

A flaw was found in banks. This vulnerability, known as Server-Side Template Injection SSTI, allows a remote attacker to achieve Remote Code Execution RCE on the host system. This occurs when applications using banks pass user-supplied strings directly as template arguments to the Prompt function...

7.5CVSS6.3AI score0.00539EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•9 views

CVE-2024-27890

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

9.6CVSS5.5AI score0.0443EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•9 views

CVE-2024-6858

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN...

6.5CVSS5.4AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•8 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

8.8CVSS5.7AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/06 12:43 a.m.•10 views

CVE-2026-48567

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.5AI score0.00973EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•10 views

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

5.4CVSS5.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•10 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

9.8CVSS5.6AI score0.00764EPSS
Exploits3References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•11 views

CVE-2023-42343

A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...

6.1CVSS5.4AI score0.0059EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•9 views

CVE-2023-52951

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...

5.9CVSS5.4AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•7 views

CVE-2023-42344

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...

7.3CVSS5.5AI score0.02231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•10 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6AI score0.00139EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•10 views

CVE-2023-42345

A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•7 views

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

6.8CVSS5.5AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•8 views

CVE-2023-54344

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...

9.8CVSS6.7AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•8 views

CVE-2023-54342

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console,...

9.8CVSS6.7AI score0.00455EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•8 views

CVE-2023-31316

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor ASP could allow an attacker with the ability to write outside the trusted memory range TMR to change the execution flow of the Video Core Next VCN firmware potentially...

7.1CVSS5.7AI score0.00095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•9 views

CVE-2018-25432

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

8.6CVSS6.7AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•11 views

CVE-2025-71216

A time-of-check time-of-use vulnerability in the Trend Micro Apex One mac agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS7.5AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:58 p.m.•16 views

CVE-2026-5589

An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...

6.3CVSS5.9AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:55 p.m.•12 views

CVE-2026-36460

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

4.8CVSS5.5AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•10 views

CVE-2025-61313

A reflected cross-site scripted XSS vulnerability in the dfm-menumarkeralerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•9 views

CVE-2025-61311

A reflected cross-site scripted XSS vulnerability in the dfm-menualerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•10 views

CVE-2025-61308

A reflected cross-site scripted XSS vulnerability in the dfm-menumaintenance.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•8 views

CVE-2025-61312

A reflected cross-site scripted XSS vulnerability in the acc-menupricess.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•10 views

CVE-2025-61872

Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...

6.1CVSS5.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•9 views

CVE-2025-61306

A reflected cross-site scripted XSS vulnerability in the dfm-menucoveragealerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•8 views

CVE-2025-61305

A reflected cross-site scripted XSS vulnerability in the dfm-menufirmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•11 views

CVE-2025-61310

A reflected cross-site scripted XSS vulnerability in the acc-menubillings.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•14 views

CVE-2025-43290

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...

5.5CVSS5.4AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•9 views

CVE-2025-43524

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox...

8.8CVSS5.4AI score0.00119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•13 views

CVE-2025-61307

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•14 views

CVE-2025-43289

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data...

5.5CVSS5.4AI score0.00139EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•12 views

CVE-2025-43451

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

5.5CVSS5.4AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•9 views

CVE-2025-52608

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...

4.3CVSS5.5AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•10 views

CVE-2021-26380

A compromised Trusted OS TOS driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity...

1.8CVSS5.5AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•8 views

CVE-2025-52347

An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call...

7.8CVSS5.4AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•9 views

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

5.5CVSS5.5AI score0.00155EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•10 views

CVE-2025-61314

A reflected cross-site scripted XSS vulnerability in the dfm-menuorderopt.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•10 views

CVE-2025-70795

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

5.5CVSS5.5AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•10 views

CVE-2025-52611

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

4.3CVSS5.5AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:51 p.m.•10 views

CVE-2025-70994

Yadea T5 Electric Bicycles models manufactured in/after 2024 have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal...

7.3CVSS5.5AI score0.00275EPSS
Exploits0References1
Total number of security vulnerabilities206309