161467 matches found
CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...
CVE-2025-59852 HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...
CVE-2025-59852 HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...
Vulnerabilities are being addressed in the Progress MOVEit Automation system.
Progress has addressed vulnerabilities in MOVEit Automation. The vulnerability with identifier CVE-2026-4670 involves a bypass of authentication in MOVEit Automation. A malicious individual without rights can exploit this vulnerability without any user interaction being required. The second...
CVE-2026-43002
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
EUVD-2026-27536
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
Exploit for Missing Authentication for Critical Function in Cpanel
No d...
Exploit for Missing Authentication for Critical Function in Vitejs Vite
CVE-2026...
CVE-2026-5753
The CVE CVE-2026-5753 concerns the All-in-One WP Migration Unlimited Extension for WordPress (versions ≤ 2.83). The root cause is Missing Authorization in Ai1wmve_Schedules_Controller::save for admin_post_ai1wm_schedule_event_save, which does not verify user capabilities before saving schedule da...
SUSE CVE-2026-32952
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
SUSE CVE-2026-42041
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...
Exploit for Missing Authentication for Critical Function in Cpanel
🔴 cPanelCVE CVE-2026-41940 — cPanel & WHM Authentication...
PT-2026-37440
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...
PT-2026-38281
Name of the Vulnerable Software and Affected Versions azureauthextension versions 0.124.0 through 0.150.0 Description A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses in the Feishu webhook and card operation verification processes, allowing...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.21 to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a sandbox noVNC auxiliary routing mechanism that allowed authentication bypass, potentially...
Nginx-UI Settings API Exposes Protected Secrets
The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...
HCL DFXAnalytics 安全漏洞
HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a security vulnerability, which stems from insufficient transport layer protection. Data is transmitted over the network without encryption, allowing attackers to...
ROS-20260506-73-0030
Vulnerability in tomcat-native related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...
ROS-20260506-73-0039
Vulnerability in tomcat11 related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...