Lucene search
K
VulnrichmentRecent

161701 matches found

Vulnrichment
Vulnrichment
added 2026/06/23 12:8 p.m.6 views

CVE-2026-44089 Buffer Overflow in Totolink EX1200L router

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 10:50 a.m.11 views

CVE-2026-4983

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...

4.1CVSS5.9AI score0.00226EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/23 8:19 a.m.6 views

CVE-2026-11374 Account Takeover via Predictable SSO Ticket Generation

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

9CVSS5.8AI score0.01237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 7:5 a.m.4 views

CVE-2026-9733 Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

5.4AI score0.00339EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 6:0 a.m.6 views

CVE-2026-8172 Simple Basic Contact Form <= 20250114 - Reflected XSS

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...

5.7AI score0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:0 a.m.7 views

CVE-2026-7842 Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

5.9AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:0 a.m.5 views

CVE-2026-8379 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

5.9AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:0 a.m.4 views

CVE-2026-8163 Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above...

6AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 6:0 a.m.5 views

CVE-2026-8378 Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability...

5.9AI score0.00133EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 5:0 a.m.4 views

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

9.8CVSS6.3AI score0.00469EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/23 3:37 a.m.5 views

CVE-2026-55654 Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/23 3:36 a.m.6 views

CVE-2026-55655 Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

5CVSS5.7AI score0.0009EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 3:36 a.m.4 views

CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

4.3CVSS5.8AI score0.00242EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.5 views

CVE-2026-52673

SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component...

6.4AI score0.00437EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.6 views

CVE-2025-61022

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.4 views

CVE-2026-39253

An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components...

6.3AI score0.00805EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.4 views

CVE-2025-55639

GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gfisomaddtrackkind function at isomedia/isomwrite.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.9AI score0.00352EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.6 views

CVE-2025-61021

An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.7 views

CVE-2025-61027

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.5 views

CVE-2025-61029

An issue in the sqlountry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.5 views

CVE-2025-61020

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.6 views

CVE-2025-61019

An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.6 views

CVE-2025-61023

An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.8 views

CVE-2025-61028

An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.4 views

CVE-2025-61024

An issue in the sqlotryinloop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.5 views

CVE-2025-61018

An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:0 a.m.5 views

CVE-2025-61025

An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 11:58 p.m.4 views

CVE-2026-10658 Bluetooth Host ISO RX Missing SDU Header Length Validation in bt_iso_recv() Leads to DoS

A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 11:54 p.m.4 views

CVE-2026-10651 Bluetooth Classic SDP parser truncation bug in bt_sdp_parse_attribute() leads to reachable assertion and possible out-of-bounds read

A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, btsdpparseattribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an additiona...

7.1CVSS6AI score0.00173EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/22 11:48 p.m.12 views

CVE-2026-10645 fs: ext2: Missing structural validation of directory entries can cause out-of-bounds read and zero-progress directory traversal

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...

4.9CVSS6.1AI score0.00205EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/22 10:20 p.m.4 views

CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS5.9AI score0.00146EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/22 10:18 p.m.5 views

CVE-2026-41523 vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/22 10:16 p.m.10 views

CVE-2026-54232 vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/22 10:10 p.m.4 views

CVE-2026-54233 vLLM: OOM Denial of Service via Audio Decompression Bomb

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 10:9 p.m.4 views

CVE-2026-54236 vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS5.9AI score0.03816EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/22 9:59 p.m.3 views

CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

6.9CVSS5.9AI score0.00261EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/22 9:57 p.m.4 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 9:55 p.m.3 views

CVE-2026-53923 vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow

vLLM is an inference and serving engine for large language models LLMs. From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 9:47 p.m.5 views

CVE-2026-55409 Filament: Disabled RichEditor field state can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS5.8AI score0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:46 p.m.4 views

CVE-2026-48067 Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachActio...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:43 p.m.3 views

CVE-2026-48167 Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant...

6.4CVSS5.9AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:41 p.m.5 views

CVE-2026-48500 Filament: Unauthenticated temporary file upload on auth pages

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...

6.5CVSS6AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:40 p.m.4 views

CVE-2026-48166 Filament: Timing-based user enumeration on login page

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:39 p.m.5 views

CVE-2026-48505 Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...

7.4CVSS5.9AI score0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:30 p.m.4 views

CVE-2026-44889 WebOb: Location header normalization during redirect leads to open redirect

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:19 p.m.4 views

CVE-2026-48109 MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS5.9AI score0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:18 p.m.7 views

CVE-2026-48502 MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension...

8.2CVSS5.9AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:17 p.m.6 views

CVE-2026-48506 MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:16 p.m.5 views

CVE-2026-48509 MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...

6.3CVSS5.7AI score0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:16 p.m.4 views

CVE-2026-48510 MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References1
Total number of security vulnerabilities161701