Lucene search
K

161612 matches found

Snyk
Snyk
added 2026/05/04 7:8 p.m.7 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

4.8CVSS5.8AI score0.00173EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:8 p.m.10 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

4.8CVSS5.8AI score0.00173EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:8 p.m.6 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

4.8CVSS5.8AI score0.00173EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 7:8 p.m.6 views

GHSA-C839-4QXR-J4X3 Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

2.3CVSS5.8AI score0.00173EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2026/05/04 6:30 p.m.8 views

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: OSV:GHSA-W76P-3CGP-QFCM...

9.9CVSS5.8AI score0.00364EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:26 p.m.3 views

CVE-2026-42227

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

6CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/04 6:26 p.m.24 views

CVE-2026-42227

The CVE affects n8n (open source workflow automation) prior to versions 1.123.32, 2.17.4, and 2.18.1. An authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying a projectId to the public API variables endpoint. The h...

6.5CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:26 p.m.6 views

CVE-2026-42226

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

7.1CVSS5.9AI score0.0026EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/04 6:16 p.m.9 views

CVE-2026-42092

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 6:16 p.m.6 views

CVE-2026-32834

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS0.00448EPSS
Exploits0References3
NVD
NVD
added 2026/05/04 6:16 p.m.7 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS0.00541EPSS
Exploits12References1
Cvelist
Cvelist
added 2026/05/04 6:0 p.m.33 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

0.00541EPSS
Exploits12References1
Vulnrichment
Vulnrichment
added 2026/05/04 6:0 p.m.5 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

6.2AI score0.00541EPSS
Exploits12References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:0 p.m.8 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS6.2AI score0.00541EPSS
Exploits12References2Affected Software1
CVE
CVE
added 2026/05/04 6:0 p.m.27 views

CVE-2026-0073

CVE-2026-0073 affects Android devices via adbd_tls_verify_cert in auth.cpp, where a logic error could bypass wireless ADB mutual authentication. This could allow remote code execution as the shell user with no extra privileges, requiring no user interaction. Mitigation is to apply the 2026-05-01 ...

8.8CVSS6.2AI score0.00541EPSS
Exploits12References1Affected Software1
EUVD
EUVD
added 2026/05/04 6:0 p.m.10 views

EUVD-2026-27041

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS6.2AI score0.00541EPSS
Exploits12References1
Cvelist
Cvelist
added 2026/05/04 5:39 p.m.39 views

CVE-2026-32834 Easy PayPal Events & Tickets < 1.4 Authentication Bypass via QR Code Scanning

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS0.00448EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:39 p.m.7 views

CVE-2026-32834

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/04 5:39 p.m.4 views

CVE-2026-32834 Easy PayPal Events & Tickets < 1.4 Authentication Bypass via QR Code Scanning

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References3
CVE
CVE
added 2026/05/04 5:39 p.m.13 views

CVE-2026-32834

Summary: CVE-2026-32834 affects the WordPress plugin Easy PayPal Events & Tickets (version 1.3 and earlier). The vulnerability is a hardcoded authentication bypass in the QR code scanning functionality, allowing unauthenticated remote attackers to bypass hash verification by sending the hash para...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References3
Rows per page
Query Builder