Lucene search
K

371517 matches found

CVE
CVE
added 2026/07/02 12:0 a.m.18 views

CVE-2026-38968

ntopng (through 6.6) is reported vulnerable to a Predictable Session Identifier flaw. The issue occurs in HTTPsession creation within src/HTTPserver.cpp, where time-seeded pseudo-randomness can yield deterministic or colliding cookies, enabling session hijacking under attacker-controlled timing. ...

9.8CVSS5.8AI score0.00379EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 12:0 a.m.13 views

CVE-2026-52188

CVE-2026-52188 is a Buffer Overflow in UTT nv518G nv518GV3v3.2.7-210919-161313 affecting the gohead//sub_497498 component. Reported impact is remote denial of service (availability impact) with CVSS 3.1 base score 6.5 (Medium). Connected sources indicate a PoC exists and a potential partial techn...

6.5CVSS5.8AI score0.00237EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:0 a.m.12 views

CVE-2026-52187

CVE-2026-52187 describes a Buffer Overflow in the UTT nv518G family (nv518G nv518GV3v3.2.7-210919-161313) that allows a remote attacker to cause a denial of service via the gohead/sub_483ba0 component. The NVD entry lists a Network attack vector, no privileges required, no user interaction, and a...

7.5CVSS5.8AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:0 a.m.15 views

CVE-2026-38971

CVE-2026-38971 affects ArduPilot through Plane-4.6.3. It is a real vulnerability: an out-of-bounds read in libraries/GCS_MAVLink/GCS_serial_control.cpp, within GCS_MAVLINK::handle_serial_control(). The CVSS 3.1 vector indicates no authentication, network attack surface, low attack complexity, and...

9.1CVSS5.7AI score0.00482EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/07/02 12:0 a.m.13 views

CVE-2026-55769

Technical details for CVE-2026-55769 are not publicly available in the provided documents. Monitor for updates to see if a concrete description, affected products, or remediation are released.

Exploits0References4
CVE
CVE
added 2026/07/02 12:0 a.m.13 views

CVE-2026-38970

The provided data confirms a concrete vulnerability in pdfcpu

7.5CVSS5.8AI score0.00451EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 12:0 a.m.39 views

CVE-2026-49352

The connected document reveals a concrete vulnerability in 9router: a publicly known hardcoded fallback JWT secret, "9router-default-secret-change-me", is used when JWT_SECRET is not set. This secret is committed in the public repository and unchanged across releases, enabling any unauthenticated...

0.0019EPSS
Exploits1References7
CVE
CVE
added 2026/07/02 12:0 a.m.9 views

CVE-2026-55493

Technical details for CVE-2026-55493 are not publicly available in the provided documents. No affected products, impacts, or fixes can be determined. Monitor for updates.

Exploits0References1
CVE
CVE
added 2026/07/02 12:0 a.m.13 views

CVE-2026-52192

CVE-2026-52192 concerns an issue in UTT nv518G/nv518GV3v3.2.7-210919-161313 where a remote attacker can cause a denial of service via the gohead/sub_445C5C component. The primary available details identify the affected product family and the vulnerable component, with the CVSS v3.1 vector indicat...

7.5CVSS5.8AI score0.00409EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:0 a.m.16 views

CVE-2026-38972

Notepad3 versions up to 6.25.822.1 are vulnerable to a DLL search-order hijack in the About-dialog code path (src/Notepad3.c). The application loads MSFTEDIT.DLL via LoadLibrary with a bare DLL name, enabling a local attacker to place a malicious MSFTEDIT.DLL in the application directory or anoth...

7.8CVSS6.4AI score0.00149EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/02 12:0 a.m.10 views

CVE-2026-52189

CVE-2026-52189 describes a buffer overflow in the UTT nv518G nv518GV3v3.2.7-210919-161313 stack/heap handling within the gohead/sub_487330 component. The issue allows a remote attacker to trigger a denial of service. Documented details are limited to the affected product/version and component nam...

7.5CVSS5.8AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:0 a.m.11 views

CVE-2026-52191

CVE-2026-52191 is a Buffer Overflow in the UTT nv518G nv518GV3v3.2.7-210919-161313, affecting the gohead/sub_444C8C component. The vulnerability enables a remote attacker to cause a denial of service. The provided documents do not specify a patch or remediation; no exploit details are described. ...

7.5CVSS5.8AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:0 a.m.27 views

CVE-2026-49353

9router is affected by an incomplete fix from CVE-2026-46339. The vulnerability arises because the local-only access gate in src/dashboardGuard.js uses HTTP headers (Host and Origin) to determine locality rather than TCP source, making it bypassable when deployed behind reverse proxies or in DNS-...

0.00058EPSS
Exploits0References7
CVE
CVE
added 2026/07/02 12:0 a.m.14 views

CVE-2026-54707

Technical details for CVE-2026-54707 are not publicly available in the provided documents. No affected products, root cause, or remediation are disclosed. Monitor for updates.

Exploits0References6
CVE
CVE
added 2026/07/01 11:43 p.m.19 views

CVE-2026-50280

Craft CMS contains an authorization bypass in the entries/move-to-section endpoint (EntriesController::actionMoveToSection). In versions 5.0.0-RC1 through below 5.9.21, destination section gate relies only on viewEntries:$section->uid instead of requiring saveEntries permission; source entry p...

6CVSS5.7AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:31 p.m.15 views

CVE-2026-50279

Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...

7.6CVSS5.7AI score0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:26 p.m.37 views

CVE-2026-55794

Craft CMS

8.7CVSS5.8AI score0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:20 p.m.22 views

CVE-2026-55792

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

6CVSS5.8AI score0.00268EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:13 p.m.40 views

CVE-2026-55791

Craft CMS vulnerability CVE-2026-55791 enables SSRF and Arbitrary JavaScript Injection via /actions/app/resource-js when assetManager.cacheSourcePaths is false and trustedHosts is permissive. An attacker can poison Host/X-Forwarded-Host to hijack $baseUrl, causing Craft::createGuzzleClient()->...

6.9CVSS5.8AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:5 p.m.29 views

CVE-2026-14439

CVE-2026-14439 describes a path-traversal in the Git Service shared by Altium Enterprise Server and Altium 365. The vulnerability arises from a post-clone file-manipulation primitive that accepts user-supplied paths without validation, enabling an authenticated user with basic git access to move ...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References1
Rows per page
Query Builder