Wed, Feb 21 · 06:15 PM CSTCVE-2024-1212
10.0/10 · Must read/watchNVDvuln
Summary
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
CVECVE-2024-1212
SeverityCRITICAL
TypeUPDATED
PublishedWed, Feb 21 · 06:15 PM CST
ModifiedMon, Jul 13 · 07:49 PM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-46595
10.0/10 · Must read/watchNVDvuln
Summary
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
CVECVE-2026-46595
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Fri, Mar 20 · 05:16 PM CDTCVE-2025-15608
9.8/10 · Must read/watchNVDvuln
Summary
This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug
CVECVE-2025-15608
SeverityCRITICAL
TypeUPDATED
PublishedFri, Mar 20 · 05:16 PM CDT
ModifiedMon, Jul 13 · 07:16 PM CDT
Fri, Jun 12 · 06:16 PM CDTCVE-2026-44172
9.8/10 · Must read/watchNVDvuln
Summary
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_r
CVECVE-2026-44172
SeverityCRITICAL
TypeUPDATED
PublishedFri, Jun 12 · 06:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Fri, May 29 · 08:16 PM CDTCVE-2026-45700
9.8/10 · Must read/watchNVDvuln
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided desti
CVECVE-2026-45700
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 29 · 08:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Wed, Jun 24 · 07:17 PM CDTCVE-2026-49980
9.8/10 · Must read/watchNVDvuln
Summary
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /[remote:path]/object. The remote value is parsed from the URL and passed to normal backend in
CVECVE-2026-49980
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 07:17 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Tue, Jun 09 · 08:16 AM CDTCVE-2026-9698
9.8/10 · Must read/watchNVDvuln
Summary
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.
CVECVE-2026-9698
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 08:16 AM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Tue, Jun 16 · 01:16 PM CDTCVE-2026-12294
9.6/10 · Must read/watchNVDvuln
Summary
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVECVE-2026-12294
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 16 · 01:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Tue, Jun 16 · 01:16 PM CDTCVE-2026-12295
9.6/10 · Must read/watchNVDvuln
Summary
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVECVE-2026-12295
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 16 · 01:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Tue, Jun 16 · 01:16 PM CDTCVE-2026-12296
9.6/10 · Must read/watchNVDvuln
Summary
Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
CVECVE-2026-12296
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 16 · 01:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Tue, Jun 16 · 01:16 PM CDTCVE-2026-12297
9.6/10 · Must read/watchNVDvuln
Summary
Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVECVE-2026-12297
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 16 · 01:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Fri, May 22 · 04:16 PM CDTCVE-2026-39821
9.6/10 · Must read/watchNVDvuln
Summary
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a
CVECVE-2026-39821
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Thu, Jun 04 · 02:16 PM CDTCVE-2026-8037
9.6/10 · Must read/watchNVDvuln
Summary
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints
CVECVE-2026-8037
SeverityCRITICAL
TypeUPDATED
PublishedThu, Jun 04 · 02:16 PM CDT
ModifiedMon, Jul 13 · 07:02 PM CDT
Tue, May 12 · 10:16 AM CDTCVE-2026-25786
9.1/10 · Must read/watchNVDvuln
Summary
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropri
CVECVE-2026-25786
SeverityCRITICAL
TypeUPDATED
PublishedTue, May 12 · 10:16 AM CDT
ModifiedTue, Jul 14 · 10:16 AM CDT
Tue, May 12 · 10:16 AM CDTCVE-2026-25787
9.1/10 · Must read/watchNVDvuln
Summary
Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user
CVECVE-2026-25787
SeverityCRITICAL
TypeUPDATED
PublishedTue, May 12 · 10:16 AM CDT
ModifiedTue, Jul 14 · 10:16 AM CDT
Fri, May 22 · 04:16 AM CDTCVE-2026-39830
9.1/10 · Must read/watchNVDvuln
Summary
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
CVECVE-2026-39830
SeverityCRITICAL
TypeUPDATED
PublishedFri, May 22 · 04:16 AM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Thu, May 07 · 04:16 AM CDTCVE-2026-42216
9.1/10 · Must read/watchNVDvuln
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed representation. If th
CVECVE-2026-42216
SeverityCRITICAL
TypeUPDATED
PublishedThu, May 07 · 04:16 AM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Thu, May 07 · 10:16 PM CDTCVE-2026-7891
9.1/10 · Must read/watchNVDvuln
Summary
A vulnerability has been identified in Mendix Runtime (All versions). Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead application develope
CVECVE-2026-7891
SeverityCRITICAL
TypeUPDATED
PublishedThu, May 07 · 10:16 PM CDT
ModifiedTue, Jul 14 · 10:16 AM CDT
Wed, Jan 08 · 05:15 PM CSTCVE-2014-5287
8.8/10 · Worth your timeNVDvuln
Summary
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
CVECVE-2014-5287
SeverityHIGH
TypeUPDATED
PublishedWed, Jan 08 · 05:15 PM CST
ModifiedMon, Jul 13 · 07:49 PM CDT
Wed, Oct 09 · 04:15 PM CDTCVE-2019-13529
8.8/10 · Worth your timeNVDvuln
Summary
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease o
CVECVE-2019-13529
SeverityHIGH
TypeUPDATED
PublishedWed, Oct 09 · 04:15 PM CDT
ModifiedMon, Jul 13 · 05:16 PM CDT
Wed, Mar 25 · 06:16 PM CDTCVE-2025-67030
8.8/10 · Worth your timeNVDvuln
Summary
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
CVECVE-2025-67030
SeverityHIGH
TypeUPDATED
PublishedWed, Mar 25 · 06:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Tue, Jun 16 · 01:16 PM CDTCVE-2026-12289
8.8/10 · Worth your timeNVDvuln
Summary
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVECVE-2026-12289
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 16 · 01:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Tue, Jun 16 · 01:16 PM CDTCVE-2026-12291
8.8/10 · Worth your timeNVDvuln
Summary
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVECVE-2026-12291
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 16 · 01:16 PM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Thu, May 07 · 04:16 AM CDTCVE-2026-41142
8.8/10 · Worth your timeNVDvuln
Summary
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads to heap OOB write via
CVECVE-2026-41142
SeverityHIGH
TypeUPDATED
PublishedThu, May 07 · 04:16 AM CDT
ModifiedMon, Jul 13 · 01:16 PM CDT
Wed, May 13 · 07:16 PM CDTCVE-2026-0240
8.7/10 · Worth your timeNVDvuln
Summary
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configuration settings.
CVECVE-2026-0240
SeverityHIGH
TypeUPDATED
PublishedWed, May 13 · 07:16 PM CDT
ModifiedMon, Jul 13 · 01:56 PM CDT