Lucene search
K
RedhatcveRecent

206548 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-39830

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

9.1CVSS5.5AI score0.00533EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.7CVSS5.5AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-39111

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data...

7.5CVSS5.7AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•11 views

CVE-2026-39826

A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting XSS. An...

6.1CVSS5.3AI score0.00371EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-39107

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...

6.3CVSS5.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-39835

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-39831

A flaw was found in golang.org/x/crypto/ssh. The Verify method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-39112

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

5.4CVSS5.6AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-39829

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS4.9AI score0.00415EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•11 views

CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.4AI score0.00784EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-39419

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS5.6AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

3.3CVSS5.5AI score0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0041

In multiple functions of ubsanthrowingruntime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•8 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.5AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•12 views

CVE-2026-39109

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page index.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database...

9.4CVSS5.7AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•12 views

CVE-2026-0050

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.6AI score0.00068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•12 views

CVE-2026-0238

A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...

4.8CVSS5.6AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0085

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-39110

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...

8.2CVSS5.7AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•11 views

CVE-2026-39079

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

7.5CVSS5.5AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0067

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0094

In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

7.8CVSS5.6AI score0.00058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•11 views

CVE-2026-0100

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•12 views

CVE-2026-39828

A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate...

8.8CVSS5.4AI score0.00314EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00067EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-39833

A flaw was found in golang.org/x/crypto/ssh/agent. The NewKeyring function, which creates an in-memory keyring, failed to enforce the ConfirmBeforeUse constraint on keys. This allowed keys configured to require user confirmation before use to perform signing operations without any prompt or...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0056

In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.6AI score0.00069EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0069

In verifySignature of ApkChecksums.java, there is a possible way to cause a crash due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0074

In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0016

In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

3.3CVSS5.6AI score0.00065EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0096

In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0205

A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services...

6.8CVSS5.4AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0043

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.7AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0070

In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.7AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•8 views

CVE-2026-0061

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9CVSS5.6AI score0.00073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0930

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output...

4.3CVSS5.5AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0039

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0098

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•12 views

CVE-2026-0040

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0052

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0079

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.7AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0097

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.7AI score0.00121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•10 views

CVE-2026-0018

In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•11 views

CVE-2026-0093

In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•11 views

CVE-2026-0099

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS5.6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0206

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall...

4.9CVSS5.5AI score0.00504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

1.8CVSS5.5AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•8 views

CVE-2026-0044

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0059

In multiple functions of sdpdiscovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS6.4AI score0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:44 p.m.•9 views

CVE-2026-0060

In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent dos issue due to an unusual root cause. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
Total number of security vulnerabilities206548