Lucene search
K
VulnrichmentRecent

163353 matches found

Vulnrichment
Vulnrichment
•added 2026/06/16 2:31 p.m.•14 views

CVE-2026-47684 Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed ...

7.7CVSS5.2AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 2:20 p.m.•9 views

CVE-2026-0647 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...

8.8CVSS5.3AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 2:19 p.m.•7 views

CVE-2026-0646 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

8.7CVSS5.3AI score0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 2:10 p.m.•8 views

CVE-2026-48780 Forem vulnerable to bypass of email address domain restrictions

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...

8.2CVSS5.2AI score0.00218EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 2:10 p.m.•7 views

CVE-2024-22447

Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution...

6.7CVSS5.7AI score0.00098EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 1:51 p.m.•8 views

CVE-2025-14272 Rockwell Automation FactoryTalk Analytics PavilionX

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...

8.3CVSS5.4AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 1:50 p.m.•9 views

CVE-2025-13036 Rockwell Automation FactoryTalk Historian Site Edition - Authentication Bypass

An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token...

9.2CVSS5.3AI score0.0029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 1:46 p.m.•6 views

CVE-2026-10831 Improper Authorization of Break Signal Commands in Devices

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...

6.9CVSS5.4AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 1:42 p.m.•7 views

CVE-2026-9307 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attack...

6.3CVSS5.3AI score0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 1:39 p.m.•7 views

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS5.3AI score0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 1:28 p.m.•7 views

CVE-2026-10640 Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`)

Zephyr's IPv6 Neighbor Discovery send paths netipv6sendna, netipv6sendns, netipv6sendrs in subsys/net/ip/ipv6nbr.c updated the per-interface ICMP-sent statistics by calling netpktifacepkt after netsenddatapkt had already returned successfully. On the success path the network stack owns and releas...

4.2CVSS6.1AI score0.0037EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/16 1:22 p.m.•8 views

CVE-2026-10639 Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`

In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...

4.8CVSS6.2AI score0.00232EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/16 1:16 p.m.•7 views

CVE-2026-10638 Use-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or error

subsys/net/ip/icmpv6.c reads the network interface from a netpkt after that packet has been handed to nettrysenddata. In icmpv6handleechorequest and neticmpv6senderror, the post-send statistics update calls netpktifacereply/netpktifacepkt on the just-sent packet. The send path nettrysenddata -...

5.9CVSS6.1AI score0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 1:13 p.m.•7 views

CVE-2026-10637 Use-after-free of `net_pkt` in IPv6 MLD send path triggerable by a link-local MLD Query

subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...

5.9CVSS6.1AI score0.00299EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/16 1:12 p.m.•8 views

CVE-2026-10636 Use-after-free in Zephyr IPv4 IGMP send path (`igmp_send`)

In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...

3.7CVSS6.1AI score0.00261EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/16 1:10 p.m.•7 views

CVE-2026-11317 Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault MNRF. A program download is required to...

8.7CVSS5.3AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/16 11:53 a.m.•9 views

CVE-2026-53900 Cookie injection was possible when opening a PDF link

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

5.4AI score0.001EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 11:53 a.m.•8 views

CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link

Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...

5.2AI score0.00096EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/16 11:53 a.m.•7 views

CVE-2026-12330 Incorrect boundary conditions in the Internationalization component

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12...

5.2AI score0.00164EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/16 11:53 a.m.•9 views

CVE-2026-12329 Memory safety bug fixed in Thunderbird ESR 140.12

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12...

5.2AI score0.00326EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:53 a.m.•6 views

CVE-2026-12328 Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

5.8AI score0.00476EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/16 11:53 a.m.•7 views

CVE-2026-12327 Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

5.8AI score0.00407EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12326 Memory safety bugs fixed in Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.8AI score0.00251EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12325 Denial-of-service in the Graphics: ImageLib component

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00227EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12324 Incorrect boundary conditions in the Graphics: CanvasWebGL component

Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00209EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12323 Spoofing issue in the DOM: Core & HTML component

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00168EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•8 views

CVE-2026-12322 Clickjacking issue in the Widget: Gtk component

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00165EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•10 views

CVE-2026-12321 JIT miscompilation in the JavaScript: WebAssembly component

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00159EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12320 Information disclosure in the Password Manager component

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00179EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12319 Denial-of-service in the Audio/Video: Playback component

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.0021EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•9 views

CVE-2026-12318 Incorrect boundary conditions in the Libraries component in NSS

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00263EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12317 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12316 Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00245EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12315 Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00251EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12314 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00252EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•8 views

CVE-2026-12313 Information disclosure, sandbox escape in the Security: Process Sandboxing component

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00175EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12312 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00252EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•10 views

CVE-2026-12311 Information disclosure, sandbox escape in the Security: Process Sandboxing component

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00185EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12310 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00252EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12309 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00235EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12308 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00261EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12307 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00261EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•8 views

CVE-2026-12306 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00261EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12305 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00374EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12304 Same-origin policy bypass in the Networking: Cookies component

Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00189EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12303 Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component

Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12302 Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00248EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•6 views

CVE-2026-12301 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•7 views

CVE-2026-12300 Memory safety bug fixed in Firefox 152

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/16 11:52 a.m.•8 views

CVE-2026-12299 JIT miscompilation in the DOM: Core & HTML component

JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

5.2AI score0.00306EPSS
Exploits0References6
Total number of security vulnerabilities163353