
161467 matches found

NVD
added 2026/05/06 11:16 a.m., 9 views

CVE-2025-59852

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

CVSS 9.1 | EPSS 0.00088
Exploits: 0 | References: 1

Cvelist
added 2026/05/06 10:25 a.m., 31 views

CVE-2025-59852 HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

CVSS 3.7 | EPSS 0.00088
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/06 10:25 a.m., 5 views

CVE-2025-59852 HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

CVSS 3.7 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 1

NCSC
added 2026/05/06 9:18 a.m., 9 views

Vulnerabilities are being addressed in the Progress MOVEit Automation system.

Progress has addressed vulnerabilities in MOVEit Automation. The vulnerability with identifier CVE-2026-4670 involves a bypass of authentication in MOVEit Automation. A malicious individual without rights can exploit this vulnerability without any user interaction being required. The second...

CVSS 9.8 | AI score 6 | EPSS 0.05633
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/06 8:20 a.m., 9 views

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

CVSS 5.3 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 1

EUVD
added 2026/05/06 6:47 a.m., 8 views

EUVD-2026-27536

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

CVSS 4.9 | AI score 5.9 | EPSS 0.00554
Exploits: 0 | References: 10

GithubExploit
added 2026/05/06 5:52 a.m., 70 views

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

CVSS 9.8 | AI score 6 | EPSS 0.981
Exploits: 64

GithubExploit
added 2026/05/06 3:42 a.m., 89 views

Exploit for Missing Authentication for Critical Function in Vitejs Vite

CVE-2026...

CVSS 8.2 | AI score 5.8 | EPSS 0.02907
Exploits: 3

CVE
added 2026/05/06 3:27 a.m., 14 views

CVE-2026-5753

CVE-2026-5753 concerns the All-in-One WP Migration Unlimited Extension for WordPress (versions ≤ 2.83). The root cause is Missing Authorization in Ai1wmve_Schedules_Controller::save for admin_post_ai1wm_schedule_event_save, which does not verify user capabilities before saving schedule da...

CVSS 6.5 | AI score 5.7 | EPSS 0.00266
Exploits: 0 | References: 2

SUSE CVE
added 2026/05/06 1:42 a.m., 7 views

SUSE CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

CVSS 5.3 | AI score 5.8 | EPSS 0.01027
Exploits: 0 | References: 2

SUSE CVE
added 2026/05/06 1:41 a.m., 8 views

SUSE CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

CVSS 6.5 | AI score 5.8 | EPSS 0.00611
Exploits: 1 | References: 3

GithubExploit
added 2026/05/06 12:58 a.m., 66 views

Exploit for Missing Authentication for Critical Function in Cpanel

🔴 cPanelCVE CVE-2026-41940 — cPanel & WHM Authentication...

CVSS 9.8 | AI score 6 | EPSS 0.981
Exploits: 64

Positive Technologies
added 2026/05/06 12:00 a.m., 9 views

PT-2026-37440

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

CVSS 3.7 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/06 12:00 a.m., 10 views

PT-2026-38281

Name of the Vulnerable Software and Affected Versions: azureauthextension versions 0.124.0 through 0.150.0. Description: A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...

CVSS 8.1 | AI score 5.8 | EPSS 0.00222
Exploits: 1 | References: 7

CNNVD
added 2026/05/06 12:00 a.m., 11 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses in the Feishu webhook and card operation verification processes, allowing...

CVSS 9.8 | AI score 5.8 | EPSS 0.00718
Exploits: 1 | References: 1

CNNVD
added 2026/05/06 12:00 a.m., 10 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.21 to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a sandbox noVNC auxiliary routing mechanism that allowed authentication bypass, potentially...

CVSS 9.8 | AI score 5.8 | EPSS 0.00401
Exploits: 0 | References: 1

GitLab Advisory Database
added 2026/05/06 12:00 a.m., 18 views

Nginx-UI Settings API Exposes Protected Secrets

The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...

CVSS 6.5 | AI score 5.8 | EPSS 0.00295
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2026/05/06 12:00 a.m., 10 views

HCL DFXAnalytics Security Vulnerability

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a security vulnerability, which stems from insufficient transport layer protection. Data is transmitted over the network without encryption, allowing attackers to...

CVSS 9.1 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 1

Redos
added 2026/05/06 12:00 a.m., 6 views

ROS-20260506-73-0030

Vulnerability in tomcat-native related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

CVSS 9.1 | AI score 5.8 | EPSS 0.00715
Exploits: 1

Redos
added 2026/05/06 12:00 a.m., 5 views

ROS-20260506-73-0039

Vulnerability in tomcat11 related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

CVSS 6.5 | AI score 5.8 | EPSS 0.00469
Exploits: 0