Lucene search
K
RedhatcveRecent

206519 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10807

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•16 views

CVE-2026-10223

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

5.3CVSS5.1AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10218

A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolutionhandlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

5.5CVSS5.3AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10812

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

3.6CVSS4.8AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10276

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

6.5CVSS6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10278

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10528

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

4.8CVSS5.3AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10719

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte...

1.8CVSS5.5AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10298

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

4.8CVSS4.8AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10809

A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manageuser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be...

6.5CVSS6.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10216

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

6.3CVSS4.9AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-10205

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.5AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10810

A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument page causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to t...

5.3CVSS4AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•13 views

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

6.5CVSS6.4AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10814

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

7CVSS4.5AI score0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-10256

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /savecomment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

6.5CVSS6.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10212

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10274

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10265

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10061

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

9.8CVSS6.4AI score0.0501EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10302

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.5AI score0.00104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•13 views

CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

4.6CVSS5.5AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•15 views

CVE-2026-36228

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

7.3CVSS5.9AI score0.00425EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10616

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...

5.3CVSS5.1AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•8 views

CVE-2026-10621

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

7.5CVSS5.6AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10566

A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...

5.3CVSS5.6AI score0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

7.3CVSS5.7AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10661

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS5AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-36767

A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...

10CVSS5.6AI score0.00412EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-36341

Cross-Site Scripting XSS vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

5.4CVSS5.5AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-36358

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

5.4CVSS6AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-36178

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...

4.6CVSS5.5AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-36574

A DLL hijacking vulnerability in Wassimulator GitHub CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL...

7.8CVSS5.9AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10203

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-36758

A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

4.3CVSS5.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•7 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS5.6AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

6.1CVSS5.5AI score0.00256EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-36615

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...

4.3CVSS5.7AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10247

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function creategenericname of the file /ShowForm/creategenericname/main. The manipulation of the argument genericname results in cross site scripting. The attack may be launched...

5.1CVSS4AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

6.5CVSS5.5AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

7.5CVSS5.4AI score0.00323EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-36956

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...

8.8CVSS5.5AI score0.00163EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•8 views

CVE-2026-36189

A flaw was found in Uncrustify. A local attacker could exploit a buffer overflow vulnerability in the uncrustify executable. This vulnerability, occurring within functions such as checktemplate and tokenizecleanup, could allow the attacker to cause a denial of service DoS, making the application...

6.2CVSS5.1AI score0.00134EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

7.5CVSS5.9AI score0.00267EPSS
Exploits0References1
Total number of security vulnerabilities206519