
161515 matches found

UbuntuCve
added 2026/05/05 12:0 a.m. | 9 views

CVE-2026-33006

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8 CVSS | 5.8 AI score | 0.00557 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2026/05/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgra...

4.8 CVSS | 5.8 AI score | 0.00557 EPSS
Exploits 1 | References 3
CNNVD
added 2026/05/05 12:0 a.m. | 10 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing for the automatic activation of untrusted workspace plugins during...

8.8 CVSS | 5.8 AI score | 0.00381 EPSS
Exploits 0 | References 1
OSV
added 2026/05/05 12:0 a.m. | 4 views

UBUNTU-CVE-2026-33006

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8 CVSS | 5.8 AI score | 0.00557 EPSS
Exploits 1 | References 3
Packet Storm
added 2026/05/05 12:0 a.m. | 60 views

GNU InetUtils telnetd Remote Privilege Escalation

GNU InetUtils versions 2.0 through 2.6 telnetd remote privilege escalation proof of concept exploit. Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation Date: 2026-01-24 Exploit Author: Ali Guliyev infat0x Author GitHub: https://github.com/infat0x Vendor Homepage:...

9.8 CVSS | 7.5 AI score | 0.98871 EPSS
Exploits 60
Tenable Nessus
added 2026/05/05 12:0 a.m. | 18 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations....

7.5 CVSS | 5.9 AI score | 0.00639 EPSS
Exploits 7 | References 8
RedHat Linux
added 2026/05/04 11:37 p.m. | 7 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10 CVSS | 6.8 AI score | 0.00765 EPSS
Exploits 1 | References 8
Slackware Linux
added 2026/05/04 10:47 p.m. | 27 views

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.67-i586-1slack15.0.txz: Upgraded. This release fixes bugs and the following security issues: mod_proxy_ajp: Heap Over-Read and...

9.8 CVSS | 6 AI score | 0.4581 EPSS
Exploits 18
Github Security Blog
added 2026/05/04 10:28 p.m. | 9 views

sequoia-git has broken hard revocation handling

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

5.8 AI score
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2026/05/04 10:3 p.m. | 6 views

net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication

Summary: When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details: A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...

6.5 CVSS | 5.8 AI score | 0.00299 EPSS
Exploits 0 | References 11 | Affected Software 1
Snyk
added 2026/05/04 10:3 p.m. | 10 views

Use of Blocking Code in Single-threaded, Non-blocking Context

Overview: Affected versions of this package are vulnerable to Use of Blocking Code in Single-threaded, Non-blocking Context through the OpenSSL::KDF.pbkdf2_hmac function during SCRAM authentication. An attacker can cause the Ruby client VM to become unresponsive by sending a large iteration count...

8.3 CVSS | 5.9 AI score | 0.00299 EPSS
Exploits 0 | References 3
GithubExploit
added 2026/05/04 10:3 p.m. | 155 views

Exploit for CVE-2026-31717

CVE-2026-31717: ksmbd DHnC Durable-Handle Reconnect Access-Con...

8.8 CVSS | 5.8 AI score | 0.00437 EPSS
Exploits 1
OSV
added 2026/05/04 9:30 p.m. | 4 views

GHSA-3H23-7824-PJ8R ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLIC_ADD_VIEW=True comm...

9.8 CVSS | 6.3 AI score | 0.00404 EPSS
Exploits 1 | References 3
Snyk
added 2026/05/04 9:28 p.m. | 7 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api/install endpoint during the initial setup process. An attacker can gain unauthorized administrative access by sending a crafted installation request before the legitimate operator...

9.8 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits 1 | References 2
Snyk
added 2026/05/04 9:28 p.m. | 9 views

Missing Authentication for Critical Function

Overview: github.com/0xJacky/Nginx-UI/api/system is yet another Nginx Web UI. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api/install endpoint during the initial setup process. An attacker can gain unauthorized administrative access by...

9.8 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits 1 | References 2
Github Security Blog
added 2026/05/04 9:24 p.m. | 15 views

Pelican Web UI Affected by a Privilege Escalation Attack

Background: On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI) for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...

9 CVSS | 5.7 AI score | 0.0032 EPSS
Exploits 0 | References 4 | Affected Software 1
NVD
added 2026/05/04 9:16 p.m. | 32 views

CVE-2026-7779

A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation of...

5.3 CVSS | 0.00358 EPSS
Exploits 0 | References 5
Github Security Blog
added 2026/05/04 9:15 p.m. | 15 views

quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Summary: The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected...

6.3 CVSS | 5.8 AI score | 0.004 EPSS
Exploits 0 | References 7 | Affected Software 1
OSV
added 2026/05/04 9:15 p.m. | 7 views

GHSA-FR8F-RWJX-F32V quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Summary: The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected...

6.3 CVSS | 5.8 AI score | 0.004 EPSS
Exploits 0 | References 7
Snyk
added 2026/05/04 9:15 p.m. | 11 views

Incorrect Implementation of Authentication Algorithm

Overview: Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the too broad path-template matching in the runtime authentication layer. An attacker can cause sensitive authentication credentials to be sent to unintended endpoints that may...

6.3 CVSS | 5.7 AI score | 0.004 EPSS
Exploits 0 | References 2