
161504 matches found

Positive Technologies
added 2026/05/05 12:0 a.m. | 9 views

PT-2026-37301

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions prior to 29.1. Description: An unauthenticated user can access the public endpoint "objects/plugins.json.php" to read the APISecret from the plugin object data. This secret can then be used to authenticate requests to the...

CVSS 8.7 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 7
Positive Technologies
added 2026/05/05 12:0 a.m. | 8 views

PT-2026-36944

Name of the Vulnerable Software and Affected Versions: MoreConvert Pro versions prior to 1.9.15. Description: The MoreConvert Pro plugin for WordPress contains an authentication bypass flaw. The issue exists because the guest waitlist verification flow fails to invalidate or regenerate verification...

CVSS 9.8 | AI score 5.8 | EPSS 0.00458
Exploits: 0 | References: 11
Positive Technologies
added 2026/05/05 12:0 a.m. | 10 views

PT-2026-37285

Name of the Vulnerable Software and Affected Versions: FireFighter versions prior to 0.0.54. Description: The 'POST /api/v2/firefighter/raid/jira bot' endpoint CreateJiraBotView is accessible without authentication. The attachments payload is processed via httpx.get without URL validation, allowing ...

CVSS 9.9 | AI score 5.9 | EPSS 0.00272
Exploits: 0 | References: 10
Packet Storm
added 2026/05/05 12:0 a.m. | 62 views

Craft CMS 5.6.16 Remote Code Execution

Craft CMS version 5.6.16 remote code execution exploit. Exploit Title: Craft CMS 5.6.16 - RCE; Google Dork: N/A; Date: 2026-01-24; Exploit Author: Mohammed Idrees Banyamer; Author Country: Jordan; Vendor Homepage: https://craftcms.com; Software Link: https://github.com/craftcms/cms; Version: = 3.9.14, =...

CVSS 10 | AI score 6.6 | EPSS 0.99803
Exploits: 14
Packet Storm
added 2026/05/05 12:0 a.m. | 53 views

JUNG Smart Visu Server 1.1.1050 Denial of Service

JUNG Smart Visu Server version 1.1.1050 suffers from a denial of service vulnerability. Exploit Title: JUNG Smart Visu Server 1.1.1050- Dos; CVE: CVE-2026-26235; Date: 2026-02-12; Exploit Author: Mohammed Idrees Banyamer; Author Country: Jordan; Instagram: @banyamersecurity; Author GitHub:...

CVSS 8.7 | AI score 5.8 | EPSS 0.01784
Exploits: 5
Vulnrichment
added 2026/05/05 12:0 a.m. | 6 views

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

CVSS 5.3 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/05 12:0 a.m. | 11 views

PT-2026-37258

Name of the Vulnerable Software and Affected Versions: MagicMirror² versions prior to 2.36.0. Description: An unauthenticated Server-Side Request Forgery (SSRF) exists in the '/cors' endpoint, which acts as an open HTTP proxy without authentication or URL validation. This allows remote attackers to...

CVSS 9.2 | AI score 6 | EPSS 0.01623
Exploits: 1 | References: 5
Positive Technologies
added 2026/05/05 12:0 a.m. | 11 views

PT-2026-37035

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.4.2. Description: The login flow in this open source electronic lab notebook does not reliably preserve the multi-factor authentication state across authentication steps. An attacker possessing valid primary credentia...

CVSS 5.9 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 6
CVE
added 2026/05/05 12:0 a.m. | 16 views

CVE-2026-43002

CVE-2026-43002 (OpenStack Horizon) affects Horizon 25.6 and 25.7 prior to 25.7.3. A write operation to the session storage backend occurs before authentication, allowing unauthenticated requests to exhaust storage. This is a regression of CVE-2014-8124. Impact: potential denial of service due to ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/05 12:0 a.m. | 8 views

PT-2026-37266

Name of the Vulnerable Software and Affected Versions: Mongoose versions prior to 6.13.9; Mongoose versions prior to 7.8.9; Mongoose versions prior to 8.22.1; Mongoose versions prior to 9.1.6. Description: A flaw in the sanitizeFilter query sanitization mechanism allows it to be bypassed using the $nor...

CVSS 7.5 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 8
CNNVD
added 2026/05/05 12:0 a.m. | 11 views

OpenStack Horizon Security Vulnerability

OpenStack Horizon is an OpenStack-based project built using Django. It aims to provide a complete OpenStack dashboard along with a scalable framework for building new dashboards from reusable components. Versions 25.6, 25.7, and prior to 25.7.3 of OpenStack Horizon contained security...

CVSS 5.3 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 2
Tenable Nessus
added 2026/05/05 12:0 a.m. | 6 views

RHEL 9 : nginx (RHSA-2026:13680)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13680 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

CVSS 8.8 | AI score 7.7 | EPSS 0.21621
Exploits: 0 | References: 10
Tenable Nessus
added 2026/05/05 12:0 a.m. | 11 views

FreeBSD : www/apache24 -- Multiple vulnerabilities (1ccc383b-486a-11f1-8b62-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ccc383b-486a-11f1-8b62-8447094a420f advisory. The Apache httpd project reports: mod_proxy_ajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857,...

CVSS 9.8 | AI score 6 | EPSS 0.4581
Exploits: 18 | References: 13
CNNVD
added 2026/05/05 12:0 a.m. | 11 views

Vaultwarden Data Forgery Vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden 1.35.4 and earlier contained a data manipulation vulnerability. This vulnerability stemmed from updating credential metadata before signature verification during the...

CVSS 5.4 | AI score 5.7 | EPSS 0.00151
Exploits: 1 | References: 1
Positive Technologies
added 2026/05/05 12:0 a.m. | 9 views

PT-2026-37002

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

CVSS 8.7 | AI score 5.8 | EPSS 0.00537
Exploits: 1 | References: 5
CNNVD
added 2026/05/05 12:0 a.m. | 7 views

eLabFTW Security Vulnerability

eLabFTW is an open-source experimental data hosting platform developed by eLabFTW. This platform runs on the Linux system and supports the storage of various types of objects. Versions of eLabFTW 5.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the login process...

CVSS 5.9 | AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 2
CNNVD
added 2026/05/05 12:0 a.m. | 17 views

Mikrotik RouterOS Trust Management Issue Vulnerability

Mikrotik RouterOS is an operating system for network devices developed by the Latvian company Mikrotik. There is a vulnerability in MikroTik RouterOS’s trust management mechanism. This vulnerability stems from the shared certificate validation logic, which leads to scope confusion. As a result, a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00186
Exploits: 0 | References: 1
CNNVD
added 2026/05/05 12:0 a.m. | 9 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing for the automatic activation of untrusted workspace plugins during...

CVSS 8.8 | AI score 5.8 | EPSS 0.00381
Exploits: 0 | References: 1
UbuntuCve
added 2026/05/05 12:0 a.m. | 9 views

CVE-2026-33006

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS 4.8 | AI score 5.8 | EPSS 0.00557
Exploits: 1 | References: 2
Tenable Nessus
added 2026/05/05 12:0 a.m. | 9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerabilities (USN-8228-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8228-1 advisory. It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possib...

CVSS 9.8 | AI score 6.3 | EPSS 0.00373
Exploits: 0 | References: 4