Lucene search
K
RedhatcveRecent

206558 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

9.8CVSS5.5AI score0.00648EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8291

A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogsnnrfnfmhandlenfprofile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial of service. The attack is possible to be carried out remotely. The exploit has been made available to...

6.5CVSS5AI score0.00378EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8965

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the DOM: Security component...

7.5CVSS5.4AI score0.00324EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

7.5CVSS4.9AI score0.04261EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8951

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Toolbar component in Firefox for Android...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8251

A vulnerability was found in Open5GS up to 2.7.7. This impacts the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made...

6.5CVSS5AI score0.00461EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8969

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

8.1CVSS5.4AI score0.0029EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8952

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Application Update component...

8.8CVSS5.4AI score0.00373EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8116

A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been mad...

6.5CVSS6.3AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8097

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8259

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

7.2CVSS5.2AI score0.04447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8413

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8772

A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for...

5.8CVSS5.3AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8493

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

7.5CVSS5.5AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8349

A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called...

5.3CVSS5AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8781

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and ma...

5.3CVSS4.9AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.6AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8028

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.3CVSS5AI score0.00401EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8091

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2...

9.8CVSS5.4AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8262

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS3.6AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8376

A flaw was found in Perl. A remote attacker could exploit a heap buffer overflow vulnerability when compiling regular expressions with a repeated fixed string on 32-bit builds. Specifically, the Perlstudychunk function in regcompstudy.c incorrectly calculates the size of the joined substring...

9.8CVSS7.9AI score0.00398EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8268

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPIlistcreate of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed ...

6.5CVSS5AI score0.00372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•12 views

CVE-2026-8127

A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the publi...

6.5CVSS6AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8433

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescan. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8271

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgispeed/cgidhcpdlease/cgiddns/cgisetip/cgiupnpdel/cgidhcpd/cgiupnpadd/cgiupnpedit of the file /cgi-bin/networkmgr.cgi. The manipulation leads to os command injection. The attack is possible to be carri...

7.2CVSS5.3AI score0.04637EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8253

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

4.8CVSS3.6AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8136

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and...

4.8CVSS3.6AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8415

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8774

A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public...

6.5CVSS6.3AI score0.01182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•12 views

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

2.7CVSS5.5AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8765

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...

6.5CVSS5.2AI score0.0058EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8972

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the WebRTC: Audio/Video component...

8.8CVSS5.4AI score0.0033EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8963

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Web Speech component...

7.5CVSS5.4AI score0.00303EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

7.8CVSS5.5AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•12 views

CVE-2026-8783

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

5.3CVSS4.9AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8945

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in Firefox and Firefox Focus for Android...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8495

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

9.8CVSS5.4AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•9 views

CVE-2026-8411

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•10 views

CVE-2026-8288

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...

6.5CVSS5.1AI score0.00378EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8114

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:43 p.m.•11 views

CVE-2026-8967

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Graphics: WebGPU component...

7.5CVSS5.4AI score0.00332EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/05 7:42 p.m.•9 views

CVE-2026-8491

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

3.7CVSS5.4AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:42 p.m.•10 views

CVE-2026-8293

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

7.5CVSS5.5AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:42 p.m.•11 views

CVE-2026-8123

A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogssbidiscoveryoptionaddsnssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS5.1AI score0.00372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:42 p.m.•12 views

CVE-2026-8086

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...

7.8CVSS6AI score0.00237EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:42 p.m.•10 views

CVE-2026-8275

A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogodippprimitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be...

6.3CVSS4.7AI score0.00523EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:42 p.m.•9 views

CVE-2026-8949

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Widget: Win32 component...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2026/06/05 7:42 p.m.•11 views

CVE-2026-35250

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...

2.3CVSS7.2AI score0.0011EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:42 p.m.•10 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5CVSS5.4AI score0.00213EPSS
Exploits0References1
Total number of security vulnerabilities206558