Lucene search
K

161619 matches found

OSV
OSV
added 2026/05/04 8:52 p.m.5 views

GHSA-VMFM-CH9H-5C7G Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)

Summary The HTTP login endpoints POST /login and POST /signalk/v1/auth/login are protected by express-rate-limit default: 100 attempts per 10-minute window, configurable via HTTPRATELIMITS. The WebSocket login path — sending login: username, password messages over an established WebSocket...

8.7CVSS5.9AI score0.00327EPSS
Exploits1References6
CVE
CVE
added 2026/05/04 8:30 p.m.10 views

CVE-2026-7779

Open5GS up to 2.7.7 is affected by a vulnerability in udm_nudr_dr_handle_subscription_authentication (file /src/udm/nudr-handler.c) within the authentication-subscription Endpoint. Manipulation of this function can cause a denial of service; remote exploitation is possible and an exploit has been...

5.3CVSS5.4AI score0.00358EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/04 8:30 p.m.22 views

EUVD-2026-27143

A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udmnudrdrhandlesubscriptionauthentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation of...

5.3CVSS5.4AI score0.00358EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/04 8:30 p.m.40 views

CVE-2026-7779 Open5GS authentication-subscription Endpoint nudr-handler.c udm_nudr_dr_handle_subscription_authentication denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udmnudrdrhandlesubscriptionauthentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation of...

5.3CVSS0.00358EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/04 8:30 p.m.4 views

CVE-2026-7779 Open5GS authentication-subscription Endpoint nudr-handler.c udm_nudr_dr_handle_subscription_authentication denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udmnudrdrhandlesubscriptionauthentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation of...

5.3CVSS5.4AI score0.00358EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/04 8:30 p.m.5 views

CVE-2026-7779

A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udmnudrdrhandlesubscriptionauthentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation of...

5.3CVSS5.4AI score0.00358EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7671

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of...

6.3CVSS5AI score0.00565EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.2 views

CVE-2026-7630

A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote...

7.5CVSS6.3AI score0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.10 views

CVE-2026-7611

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

8.1CVSS5AI score0.00234EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.10 views

CVE-2026-4650

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

8.1CVSS5.4AI score0.00234EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-5140

Improper neutralization of CRLF sequences 'CRLF injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4...

8.8CVSS5.8AI score0.00481EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 8:8 p.m.6 views

CVE-2026-42220

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/04 8:8 p.m.19 views

CVE-2026-42220

Nginx UI (nginx-ui) prior to version 2.3.8 exposes a vulnerability where an authenticated user can call GET /api/settings to retrieve sensitive values, including node.secret. The node.secret is accepted by AuthRequired() via the X-Node-Secret header (or node_secret query parameter), allowing the ...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:1 p.m.8 views

Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...

6.5CVSS5.9AI score0.00377EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/04 8:1 p.m.4 views

GHSA-P4GQ-3VXJ-F4JQ Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...

2.3CVSS5.9AI score0.00377EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/04 7:29 p.m.9 views

Missing Authentication for Critical Function

Overview arelle-release is an An open source XBRL platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the plugins parameter in the /rest/configure endpoint, which is processed without authentication or authorization. An attacker can execu...

9.8CVSS6.2AI score0.00732EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 7:26 p.m.10 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:21 p.m.7 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

8.8CVSS5.9AI score0.00347EPSS
Exploits1References2
Rows per page
Query Builder