Lucene search
+L

372120 matches found

cve
cve
added 2026/07/02 4:6 p.m.19 views

CVE-2026-55950

This CVE (CVE-2026-55950) describes a TOCTOU race in Erlang/OTP ssl (dtls_packet_demux.erl) where a DTLS listener’s shared demux process can be crashed by an unauthenticated remote attacker sending rapid ClientHello datagrams from the same source IP/port. The race in the internal gb_trees store l...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References5Affected Software2
cve
cve
added 2026/07/02 4:6 p.m.21 views

CVE-2026-54886

The vulnerability CVE-2026-54886 affects Erlang/OTP's SSH server side (ssh_sftpd) and allows an authenticated SFTP client to trigger an infinite loop on a channel by sending SSH_MSG_CHANNEL_EXTENDED_DATA. The handle_data/4 clause tail-calls itself when a non-zero data_type_code arrives with an em...

5.3CVSS6AI score0.0033EPSS
Exploits0References5Affected Software2
cve
cve
added 2026/07/02 4:6 p.m.23 views

CVE-2026-55952

Summary: The Erlang/OTP ssl module is vulnerable to a TLS 1.3 denial of service due to a mismatch between PSK identity list and binder list lengths in the ClientHello extension. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with unequal identities/binders is passed ...

8.2CVSS5.9AI score0.00487EPSS
Exploits0References7Affected Software2
cve
cve
added 2026/07/02 4:6 p.m.16 views

CVE-2026-54887

CVE-2026-54887 concerns Erlang/OTP's DTLS server in ssl, where during startup the cookie secret is initialized to an empty binary instead of a random value. This makes DTLS cookie computation deterministic for the first 0–15 seconds, allowing an observer of plaintext ClientHello to forge a valid ...

6.3CVSS5.8AI score0.00243EPSS
Exploits0References5Affected Software2
cve
cve
added 2026/07/02 4:6 p.m.22 views

CVE-2026-53422

CVE-2026-53422 describes an observable response discrepancy in Erlang/OTP ssh_sftpd where the REALPATH handling bypasses the root check, enabling an authenticated SFTP user to determine the existence of files/directories outside the configured root. The uncanonicalized path can trigger resolve_sy...

4.3CVSS5.8AI score0.00262EPSS
Exploits0References7Affected Software2
cve
cve
added 2026/07/02 4:2 p.m.23 views

CVE-2026-50281

Craft CMS vulnerability CVE-2026-50281 affects versions 5.7.0 through 5.9.20. A mass-assignment flaw in the bulk-duplicate element action allows an attacker who can duplicate their own entries to submit an arbitrary id via the newAttributes parameter. The duplication flow clones the source elemen...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
cve
cve
added 2026/07/02 4:0 p.m.27 views

CVE-2026-44935

The vulnerability (CVE-2026-44935) affects SUSE Rancher Fleet’s Helm Deployer where missing validation of valuesFrom references enables cross-tenant access to fleet credentials stored in secrets/config maps on downstream clusters. Affected versions include Fleet 0.15.x before 0.15.2, 0.14.x befor...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 3:26 p.m.21 views

CVE-2026-50027

Technical details for CVE-2026-50027 are not publicly available in the provided documents. No affected products, components, impact, or remediation are specified. Monitor for updates and additional disclosures.

Exploits0References9
cve
cve
added 2026/07/02 3:19 p.m.54 views

CVE-2026-44941

CVE-2026-44941: libzypp path traversal via the keyhint option in repomd.xml parsing was fixed in libzypp 17.38.13. The issue allowed a malicious repository to inject/overwrite files as root due to treating keyhint as a path. The remediation is to upgrade libzypp components (and related libsolv/li...

8.8CVSS5.8AI score0.00533EPSS
Exploits1References2Affected Software1
cve
cve
added 2026/07/02 3:12 p.m.20 views

CVE-2026-58455

Dockwatch 0.6.567 is affected by an unauthenticated OS command injection. The flaw arises from a missing exit() after an authentication redirect in loader.php and unsanitized input passed to shell_exec() in ajax/compose.php, allowing an attacker to seed a session flag via an incomplete auth check...

9.8CVSS6.1AI score0.0119EPSS
Exploits0References2
cve
cve
added 2026/07/02 2:54 p.m.21 views

CVE-2026-56004

The vulnerability CVE-2026-56004 affects the obs tar_scm source service’s mercurial handler. A shellcode injection in the mercurial handler could allow an attacker who supplies a crafted _service file to execute code as the source service or as the local user checking out the malicious services, ...

10CVSS5.9AI score0.00375EPSS
Exploits0References1
cve
cve
added 2026/07/02 2:50 p.m.53 views

CVE-2026-55114

The CVE-2026-55114 entry concerns UniFi Network Application. Affected component: the UniFi Network Application itself, with an Improper Access Control vulnerability that allows a user with network access and low privileges to escalate privileges within the application. The CVSSv3.1 vector (AV:N/A...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:50 p.m.29 views

CVE-2026-55119

The CVE-2026-55119 entry concerns a vulnerability in UniFi Talk Application described as Improper Access Control that could allow a user with network access and low privileges to escalate privileges within the UniFi Talk Application. This is supported by the connected documents which cite a CVSS ...

8.1CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:50 p.m.41 views

CVE-2026-56842

CVE-2026-56842 : A vulnerability in UniFi Network Application allows a malicious actor with network access to persist privileges after the access is removed, due to an Incorrect Authorization flaw. The CVSS v3.1 base score is 7.5 (HIGH) with vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. Affected co...

7.5CVSS5.7AI score0.00214EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:50 p.m.16 views

CVE-2026-56841

CVE-2026-56841 describes an authenticated SQL Injection vulnerability in UniFi Protect Application. A network-accessible attacker with low privileges can exploit this to escalate privileges on the host device. Affected software: UniFi Protect Application (specific versions not stated in the provi...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:50 p.m.20 views

CVE-2026-55113

CVE-2026-55113 involves a Server-Side Request Forgery (SSRF) in the UniFi Talk Application that can allow a remote attacker with network access to cause a Denial of Service and bypass authentication on certain UniFi Talk API endpoints. The vulnerability affects the UniFi Talk platform’s API surfa...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:50 p.m.13 views

CVE-2026-55112

Technical details for CVE-2026-55112 are not publicly available in the provided documents. Monitor for updates.

8.8CVSS5.8AI score0.00198EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:50 p.m.40 views

CVE-2026-55115

The CVE-2026-55115 entry describes a Server-Side Request Forgery (SSRF) in the UniFi Protect Application that could allow a low-privilege, network-accessible attacker to escalate privileges on the host. The available sources state the affected component as the UniFi Protect Application and identi...

9.9CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:50 p.m.35 views

CVE-2026-55118

CVE-2026-55118 concerns UniFi Network Application with an Improper Access Control flaw that could allow a malicious actor with network access and low privileges to escalate privileges within the UniFi Network Application. The connected records provide CVSS 3.1 details (AV:N/AC:L/PR:L/UI:N/S:U/C:L...

8.3CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:50 p.m.19 views

CVE-2026-55117

The CVE-2026-55117 entry describes a path traversal vulnerability in UniFi Access Application. The vulnerability could allow an attacker with network access to access files on the host device via the affected component, exposing potentially sensitive information. Documented details do not specify...

8.6CVSS5.8AI score0.00382EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder