161488 matches found
EUVD-2026-27133
Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback...
GHSA-7JRR-XW9C-MJ39 Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback
Summary An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...
CVE-2026-35579
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...
CVE-2026-35579
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...
EUVD-2026-26247
pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS...
pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...
GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...
cPanelSniper-
cPanelSniper CVE-2026-41940 — c...
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...
Important: Red Hat Security Advisory: dovecot security update
An update for dovecot is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2026-31835
Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in validatewebauthnlogin updates persistent credential metadata 1backupeligible1 and 1backupstate flags1 based on unverified authenticatorData before signature validation...
AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile Photos with Arbitrary Content
Summary objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not end in .json.php, so it is excluded from the project's global autoCSRFGuard...
CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports DoT, DoH, DoH3, DoQ, and gRPC because it trusts the transport writer's TsigStatus instead of performing verification itself. The DoH and DoH3 writer's TsigStatus...
CVE-2026-33190
CoreDNS TSIG authentication bypass vulnerability (CVE-2026-33190) affects versions prior to 1.14.3 on non-plain-DNS transports. The tsig plugin trusts the transport writer’s TsigStatus() instead of verifying TSIG itself, causing unauthenticated remote access over DoT, DoH, DoH3, DoQ, and gRPC. Do...
CVE-2026-31835
Vaultwarden (Rust) prior to 1.35.5 is affected. In 1.35.4 and earlier, validate_webauthn_login() updates persistent credential flags before WebAuthn signature verification, allowing an attacker who knows a user’s password but cannot produce a valid WebAuthn signature to permanently modify backup ...
CVE-2026-31835
Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in validatewebauthnlogin updates persistent credential metadata 1backupeligible1 and 1backupstate flags1 based on unverified authenticatorData before signature validation...
EUVD-2026-27424
Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in validatewebauthnlogin updates persistent credential metadata 1backupeligible1 and 1backupstate flags1 based on unverified authenticatorData before signature validation...
OpenStack Horizon has Incorrect Behavior Order
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...