Lucene search
K

368753 matches found

CVE
CVE
added 4 days ago10 views

CVE-2026-13125

GeoWebPlayer (GeoVision addon, also called Web Plugin/WS Player) exposes a websocket server with no authentication. Vulnerable component: GeoWebPlayer version 1.1.1.0. Root cause: missing authentication for critical websocket operations, enabling a malicious page to open a connection and issue pr...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-55493

Technical details for CVE-2026-55493 are not publicly available in the provided documents. No affected products, impacts, or fixes can be determined. Monitor for updates.

Exploits0
CVE
CVE
added 4 days ago11 views

CVE-2026-54706

Technical details for CVE-2026-54706 are not publicly available in the provided documents. Monitor for updates.

Exploits0References6
CVE
CVE
added 4 days ago10 views

CVE-2026-55769

Technical details for CVE-2026-55769 are not publicly available in the provided documents. Monitor for updates to see if a concrete description, affected products, or remediation are released.

Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-55765

Technical details are not publicly available in the provided documents for CVE-2026-55765. No affected product, component, root cause, impact, or remediation is specified. Monitor for updates.

Exploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2026-54707

Technical details for CVE-2026-54707 are not publicly available in the provided documents. No affected products, root cause, or remediation are disclosed. Monitor for updates.

Exploits0References6
CVE
CVE
added 4 days ago20 views

CVE-2026-49353

9router is affected by an incomplete fix from CVE-2026-46339. The vulnerability arises because the local-only access gate in src/dashboardGuard.js uses HTTP headers (Host and Origin) to determine locality rather than TCP source, making it bypassable when deployed behind reverse proxies or in DNS-...

0.00058EPSS
Exploits0References7
CVE
CVE
added 4 days ago19 views

CVE-2026-49352

The connected document reveals a concrete vulnerability in 9router: a publicly known hardcoded fallback JWT secret, "9router-default-secret-change-me", is used when JWT_SECRET is not set. This secret is committed in the public repository and unchanged across releases, enabling any unauthenticated...

0.0019EPSS
Exploits1References6
CVE
CVE
added 4 days ago11 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS5.8AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

9.1CVSS5.7AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-52189

CVE-2026-52189 describes a buffer overflow in the UTT nv518G nv518GV3v3.2.7-210919-161313 stack/heap handling within the gohead/sub_487330 component. The issue allows a remote attacker to trigger a denial of service. Documented details are limited to the affected product/version and component nam...

7.5CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 4 days ago13 views

CVE-2026-38969

CVE-2026-38969 affects WEBrick (Ruby) up to v1.9.2. The flaw arises when WEBrick re-parses the trailer Content-Length, placing it into the canonical request state and enabling request smuggling. Documented impact includes potential bypass of security controls and information injection if exposed ...

7.5CVSS5.8AI score0.00162EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-38972

Notepad3 versions up to 6.25.822.1 are vulnerable to a DLL search-order hijack in the About-dialog code path (src/Notepad3.c). The application loads MSFTEDIT.DLL via LoadLibrary with a bare DLL name, enabling a local attacker to place a malicious MSFTEDIT.DLL in the application directory or anoth...

7.8CVSS6.4AI score0.00178EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-52188

CVE-2026-52188 is a Buffer Overflow in UTT nv518G nv518GV3v3.2.7-210919-161313 affecting the gohead//sub_497498 component. Reported impact is remote denial of service (availability impact) with CVSS 3.1 base score 6.5 (Medium). Connected sources indicate a PoC exists and a potential partial techn...

6.5CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 4 days ago7 views

CVE-2026-52191

CVE-2026-52191 is a Buffer Overflow in the UTT nv518G nv518GV3v3.2.7-210919-161313, affecting the gohead/sub_444C8C component. The vulnerability enables a remote attacker to cause a denial of service. The provided documents do not specify a patch or remediation; no exploit details are described. ...

7.5CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-52187

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub483ba0 component...

7.5CVSS5.8AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-38970

The provided data confirms a concrete vulnerability in pdfcpu

7.5CVSS5.8AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 4 days ago10 views

CVE-2026-52192

CVE-2026-52192 concerns an issue in UTT nv518G/nv518GV3v3.2.7-210919-161313 where a remote attacker can cause a denial of service via the gohead/sub_445C5C component. The primary available details identify the affected product family and the vulnerable component, with the CVSS v3.1 vector indicat...

7.5CVSS5.8AI score0.00204EPSS
Exploits0References2
CVE
CVE
added 5 days ago15 views

CVE-2026-50280

Craft CMS contains an authorization bypass in the entries/move-to-section endpoint (EntriesController::actionMoveToSection). In versions 5.0.0-RC1 through below 5.9.21, destination section gate relies only on viewEntries:$section->uid instead of requiring saveEntries permission; source entry p...

6CVSS5.7AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 5 days ago12 views

CVE-2026-50279

Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...

7.6CVSS5.7AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder