161354 matches found
web-app-pentest-playbook
Web Application Pentest Playbook A structured methodology and...
CVE-2026-41519
CVE-2026-41519 affects Weblate prior to 5.17.1, where DRF API tokens with wlu_ prefix stored in authtoken_token are not revoked on password change, while browser sessions are invalidated via cycle_session_keys(). The connected advisory confirms the issue impact and provides remediation: upgrade t...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication due to the improper handling of usernames containing a NUL character when server is configured with RSA-PSK. An attacker can gain unauthorized access by sending a specially crafted username that causes the server...
EUVD-2026-28354
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
ALPINE-CVE-2026-42010
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
CVE-2026-42010
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
RLSA-2026:13857 Important: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...
CVE-2026-42010
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
CVE-2026-42010
CVE-2026-42010 affects gnutls where servers using RSA-PSK incorrectly match usernames containing a NUL character, causing truncation and an authentication bypass. A remote attacker could exploit by sending a crafted username to gain unauthorized access. Connected advisories confirm a patch: Root ...
CVE-2026-42010
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
CLSA-2026-1778146905 freerdp: Fix of CVE-2022-24883
Reuse centos7els branch for oraclelinux7els - CVE-2022-24883: fix server-side NTLM auth bypass against a SAM database by rejecting auth when SamOpen fails or the user entry is missing...
CVE-2026-43860
A flaw was found in mutt. During the IMAP CRAM-MD5 Challenge-Response Authentication Mechanism - Message-Digest Algorithm 5 authentication, the password hash is truncated by one byte. This issue could allow a remote attacker to potentially bypass authentication, leading to unauthorized access...
CVE-2026-43862
A flaw was found in mutt, an email client. The imapauthgss security level, which is used for secure IMAP Internet Message Access Protocol authentication, is mishandled. This vulnerability could allow an attacker to bypass certain security protections, potentially leading to a low impact on data...
CVE-2026-43859
A flaw was found in mutt, an email client, where it mishandles cryptographic digests used for IMAP Internet Message Access Protocol authentication. This incorrect handling could lead to a low integrity impact, potentially allowing a remote attacker to subtly affect the authentication process...
EUVD-2025-209711
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One...
CVE-2025-2514
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One...
CLSA-2026-1778142227 nginx: Fix of 2 CVEs
CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...
CoreDNS TSIG authentication bypass on encrypted DNS transports
...