161507 matches found

RedhatCVE
added 2026/05/05 2:20 a.m., 8 views

CVE-2026-7722

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

CVSS 6.9, AI score 5.7, EPSS 0.00453
Exploits 0, References 1

NVD
added 2026/05/05 2:16 a.m., 14 views

CVE-2026-5722

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

CVSS 9.8, EPSS 0.00458
Exploits 0, References 3

SUSE CVE
added 2026/05/05 1:46 a.m., 13 views

SUSE CVE-2026-33006

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS 7.4, AI score 5.8, EPSS 0.00557
Exploits 1, References 7

SUSE CVE
added 2026/05/05 1:45 a.m., 5 views

SUSE CVE-2026-39858

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

CVSS 10, AI score 5.7, EPSS 0.00479
Exploits 1, References 3

SUSE CVE
added 2026/05/05 1:45 a.m., 7 views

SUSE CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

CVSS 8.2, AI score 5.7, EPSS 0.00767
Exploits 1, References 3

SUSE CVE
added 2026/05/05 1:45 a.m., 9 views

SUSE CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

CVSS 4.8, AI score 5.8, EPSS 0.00162
Exploits 0, References 5

SUSE CVE
added 2026/05/05 1:45 a.m., 15 views

SUSE CVE-2026-43860

mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...

CVSS 4.8, AI score 5.8, EPSS 0.00162
Exploits 0, References 5

SUSE CVE
added 2026/05/05 1:45 a.m., 13 views

SUSE CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

CVSS 4.8, AI score 5.8, EPSS 0.00162
Exploits 0, References 5

CVE
added 2026/05/05 1:24 a.m., 17 views

CVE-2026-5722

The CVE concerns the WordPress plugin MoreConvert Pro (versions up to and including 1.9.14). The vulnerability is an Authentication Bypass in the guest waitlist verification flow: tokens are not invalidated or regenerated when the customer email is changed, enabling unauthenticated attackers to a...

CVSS 9.8, AI score 5.8, EPSS 0.00458
Exploits 0, References 3

Cvelist
added 2026/05/05 1:24 a.m., 42 views

CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

CVSS 9.8, EPSS 0.00458
Exploits 0, References 3

Vulnrichment
added 2026/05/05 1:24 a.m., 6 views

CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

CVSS 9.8, AI score 5.8, EPSS 0.00458
Exploits 0, References 3

ATTACKERKB
added 2026/05/05 1:24 a.m., 4 views

CVE-2026-5722

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

CVSS 9.8, AI score 5.8, EPSS 0.00458
Exploits 0, References 4

EUVD
added 2026/05/05 12:21 a.m., 5 views

EUVD-2026-25606

Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy...

CVSS 6.5, AI score 5.8, EPSS 0.00611
Exploits 1, References 2

Patchstack
added 2026/05/05 12:21 a.m., 9 views

NPM: Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

NPM: Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

CVSS 6.5, AI score 5.8, EPSS 0.00611
Exploits 1, References 3, Affected Software 1

Github Security Blog
added 2026/05/05 12:21 a.m., 14 views

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

CVSS 8.2, AI score 5.9, EPSS 0.00611
Exploits 1, References 3, Affected Software 1

OSV
added 2026/05/05 12:21 a.m., 3 views

GHSA-W9J2-PVGH-6H63 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

CVSS 4.8, AI score 5.9, EPSS 0.00611
Exploits 1, References 3

OSV
added 2026/05/05 12:1 a.m., 6 views

CLSA-2026-1777939266 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in ssh_get_hexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

CVSS 8.2, AI score 6.7, EPSS 0.00582
Exploits 0, References 1

OSV
added 2026/05/05 12:0 a.m., 6 views

CLSA-2026-1777939234 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in ssh_get_hexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

CVSS 8.2, AI score 6.7, EPSS 0.00582
Exploits 0, References 1

VulnCheck KEV
added 2026/05/05 12:0 a.m., 8 views

VulnCheck KEV: CVE-2024-11349

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun function. This makes it possible for unauthenticat...

CVSS 9.8, AI score 7.6, EPSS 0.01205
In wild, Exploits 0, References 2

CNNVD
added 2026/05/05 12:0 a.m., 10 views

OpenEMR Security Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Version 7.0.1 of OpenEMR contains a security vulnerability...

CVSS 8.7, AI score 5.8, EPSS 0.00537
Exploits 1, References 1