Lucene search
K

161466 matches found

GithubExploit
GithubExploit
added 2026/05/06 5:18 p.m.103 views

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

🔓 CVE-2026-0073: Android adbd Authentication Bypass Proof...

8.8CVSS6AI score0.00541EPSS
Exploits12
NVD
NVD
added 2026/05/06 5:16 p.m.13 views

CVE-2026-20169

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

6.4CVSS0.00205EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/06 5:5 p.m.9 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the UI server WebSocket. An attacker can gain unauthorized access to sensitive endpoints, such as streaming real-time pod logs, opening an interactive shell inside a running pod, or...

7.8CVSS5.8AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 4:59 p.m.6 views

Missing Authentication for Critical Function

Overview github.com/0xJacky/Nginx-UI is a yet another Nginx Web UI, developed by 0xJacky and Hintay. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the POST /api/install endpoint during the initial setup 10 minutes window, which is accessible...

9.8CVSS5.8AI score0.00339EPSS
Exploits1References3
OSV
OSV
added 2026/05/06 4:59 p.m.4 views

GHSA-H27V-PH7W-M9FP Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

Summary An unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References4
OSV
OSV
added 2026/05/06 4:42 p.m.8 views

GHSA-VJR5-C9QV-HGM3 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.5AI score0.00281EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/06 4:42 p.m.10 views

Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.4CVSS6.5AI score0.00281EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/06 4:16 p.m.31 views

CVE-2026-20034 Cisco Unity Connection Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...

8.8CVSS0.00696EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 4:15 p.m.9 views

CVE-2026-20167 Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this...

7.7CVSS5.8AI score0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 4:15 p.m.31 views

CVE-2026-20185 Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco 350 Series Managed Switches SG350 and Cisco 350X Series Stackable Managed Switches SG350X firmware could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...

7.7CVSS0.00389EPSS
Exploits0References1
Cisco
Cisco
added 2026/05/06 4:0 p.m.13 views

Cisco Identity Services Engine Authentication Bypass Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information on an affected device. For more information about these vulnerabilities, see the Details "details"...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 3:8 p.m.22 views

CVE-2026-6691

CVE-2026-6691 affects the MongoDB C Driver Cyrus SASL integration. The issue is unsafe string copying during username canonicalization, leading to a heap buffer overflow before any authentication or network traffic. The vulnerability can be triggered by untrusted input in the username of a MongoD...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/05/06 3:8 p.m.9 views

MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/06 2:21 p.m.9 views

CVE-2026-43569

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...

8.8CVSS5.8AI score0.00381EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/06 1:0 p.m.13 views

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

The Iranian state-sponsored hacking group known as MuddyWater aka Mango Sandstorm, Seedworm, and Static Kitten has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/06 12:30 p.m.5 views

EUVD-2025-209663

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

3.7CVSS5.8AI score0.00088EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 12:13 p.m.8 views

SUSE-SU-2026:1717-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

7.5CVSS7.1AI score0.00639EPSS
Exploits5References13
OSV
OSV
added 2026/05/06 12:5 p.m.6 views

RLSA-2026:13498 Important: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

7.5CVSS5.9AI score0.00456EPSS
Exploits2References4
OSV
OSV
added 2026/05/06 11:59 a.m.6 views

CLSA-2026-1778068747 Fix CVE(s): CVE-2026-0966

SECURITY UPDATE: heap buffer underflow in sshgethexa on zero-length or NULL input, remotely reachable via GSSAPI authentication logging - debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in sshgethexa in src/dh.c - CVE-2026-0966: fix heap buffer underflow in sshgethexa...

8.2CVSS6.5AI score0.00582EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/06 11:24 a.m.6 views

Session Fixation

Overview Affected versions of this package are vulnerable to Session Fixation due to the missing changeSessionId invocation after session binding. An attacker can hijack user sessions by exploiting the lack of session ID regeneration after authentication. Remediation Upgrade...

9.3CVSS5.8AI score0.00379EPSS
Exploits0References2
Rows per page
Query Builder