Search

Search Results (362508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-10655 1 Zephyrproject 1 Zephyr 2026-06-30 6.5 Medium
The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the network socket service, without synchronizing with the socket-service poll thread. The socket service thread polls each socket via zvfs_poll, which (in zsock_poll_prepare_ctx) registers a k_poll_event pointing into the socket's net_context (&ctx->recv_q) and then blocks in k_poll without holding a reference or lock. net_context objects are allocated from a fixed pool (contexts[CONFIG_NET_MAX_CONTEXTS]) and reused after close. When sntp_close_async is invoked from a different thread than the poll thread (in the in-tree consumer subsys/net/lib/config/init_clock_sntp.c, the SNTP timeout handler runs on the system workqueue while the socket service thread is blocked in poll on the same fd), the close frees and may reuse the net_context while the poll thread still has a poller node linked into the freed object, resulting in a use-after-free / object confusion of kernel poll structures. The SNTP timeout path is the normal no-response failure mode, so a network peer or off-path attacker who drops or delays the SNTP/NTP response can drive the racing close repeatedly (and periodically with NET_CONFIG_SNTP_INIT_RESYNC). The most likely consequence is a crash of the networking thread (denial of service), with potential memory corruption when the freed context slot is reallocated. The fix defers the close to the socket service thread itself via net_socket_service_close (NET_SOCKET_SERVICE_CLOSE_SOCKETS), so the same thread that polls performs the close, eliminating the race. Affected releases: v4.2.0 through v4.4.0.
CVE-2026-10562 2026-06-30 N/A
An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface.  An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains. This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829.
CVE-2025-12530 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 5.9 Medium
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2026-12388 1 Redhat 2 Build Keycloak, Build Of Keycloak 2026-06-30 6.5 Medium
A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm.
CVE-2026-13207 2026-06-30 7.5 High
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials.
CVE-2025-36319 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 4.3 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
CVE-2025-36320 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 6.4 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-36321 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 5.7 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2025-36323 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 5.4 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-36324 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 4.3 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-36327 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 6.5 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.
CVE-2025-36328 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 4.3 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.
CVE-2025-36333 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 4.3 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.
CVE-2026-10816 1 Netscaler 2 Adc, Gateway 2026-06-30 N/A
Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
CVE-2025-36336 1 Ibm 1 Watsonxdata Intelligence 2026-06-30 5.9 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2025-36359 1 Ibm 2 Devops Automation, Devops Loop 2026-06-30 8.1 High
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
CVE-2026-9836 1 Ibm 1 Infosphere Information Server 2026-06-30 3.5 Low
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
CVE-2026-7663 1 Ibm 1 Langflow Oss 2026-06-30 9.1 Critical
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
CVE-2026-43722 1 Apple 2 Ios And Ipados, Macos 2026-06-30 5.5 Medium
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to leak sensitive kernel state.
CVE-2025-36372 1 Ibm 1 Db2 2026-06-30 5.5 Medium
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.