Lucene search
K
RedhatcveRecent

206558 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8270

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsnasparseqosrules of the component SMF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The proje...

6.5CVSS5.1AI score0.0038EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS5.9AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8432

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8414

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8410

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks...

8.8CVSS5.5AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...

7.5CVSS5.4AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8786

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

6.5CVSS6AI score0.00269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8706

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

6.5CVSS5.6AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8782

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

5.3CVSS4.9AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8252

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smfnsmfhandlecreatedatainhsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized...

6.5CVSS5.1AI score0.00378EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8290

A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smfnsmfhandleupdatedatainvsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been released to...

6.5CVSS5AI score0.00372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8773

A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument...

5.8CVSS5.2AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8777

A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrvssid results in command injection. The attack can be initiated remotely. T...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8081

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS6AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•12 views

CVE-2026-8500

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...

9.8CVSS5.5AI score0.01653EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8416

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file addFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8584

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8434

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8117

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been...

5.3CVSS3.8AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8269

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smfnsmfhandlecreatesmcontext of the component SMF. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The project was...

6.5CVSS5.1AI score0.00471EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8263

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

9.8CVSS5.3AI score0.04554EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8784

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function changefilestatus of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named...

4.6CVSS5.1AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8971

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

6.5CVSS5.4AI score0.00206EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•12 views

CVE-2026-8704

A flaw was found in Crypt-DSA for Perl. This vulnerability arises from the insecure use of the open function with two arguments, which can allow an attacker to modify existing files. This could lead to unauthorized alteration of data, impacting the integrity of the system. Mitigation Mitigation f...

6.5CVSS5AI score0.00318EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•13 views

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

7.1CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8766

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...

6.5CVSS5AI score0.00316EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8964

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Popup Blocker component...

7.5CVSS5.4AI score0.00302EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8353

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user visiting the affected account pages. This can lead to session hijacking, credential theft, malicio...

4.8CVSS5.6AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8878

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover...

7.5CVSS5.5AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8412

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8973

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

8.8CVSS5.7AI score0.00335EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8340

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...

4.3CVSS5.5AI score0.00103EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•7 views

CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

6.5CVSS5.5AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8124

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidxboxread of the file src/isomedia/boxcodebase.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The...

5.5CVSS4.5AI score0.00159EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8960

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in WebExtensions...

7.5CVSS5.4AI score0.00376EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•12 views

CVE-2026-8779

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8276

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

6.3CVSS4.6AI score0.00389EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8249

A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been published and...

6.5CVSS5AI score0.00372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•13 views

CVE-2026-8267

A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smfnsmfhandlecreateddatainvsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of...

6.5CVSS5.1AI score0.00372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS5.7AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

7.5CVSS5.5AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8250

A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smfn4buildqosflowtomodifylist of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to denial of service. The attack can be executed remotely. The exploit has been disclosed to the public and...

6.5CVSS5AI score0.00372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8492

Modification of Assumed-Immutable Data MAID vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5...

2.7CVSS5.4AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8345

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

8.8CVSS6.4AI score0.03156EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8435

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks...

6.5CVSS5.5AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8264

A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is...

8.8CVSS6.3AI score0.02891EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8121

A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogssbiparseplmnlist in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to t...

6.5CVSS4.9AI score0.00382EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8780

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS5AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8255

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/addnewcustomer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for...

4.8CVSS3.7AI score0.00202EPSS
Exploits0References1
Total number of security vulnerabilities206558