Lucene search
K

161620 matches found

Cvelist
Cvelist
added 2026/05/04 5:39 p.m.39 views

CVE-2026-32834 Easy PayPal Events & Tickets < 1.4 Authentication Bypass via QR Code Scanning

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS0.00448EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:39 p.m.7 views

CVE-2026-32834

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/04 5:39 p.m.4 views

CVE-2026-32834 Easy PayPal Events & Tickets < 1.4 Authentication Bypass via QR Code Scanning

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References3
CVE
CVE
added 2026/05/04 5:39 p.m.13 views

CVE-2026-32834

Summary: CVE-2026-32834 affects the WordPress plugin Easy PayPal Events & Tickets (version 1.3 and earlier). The vulnerability is a hardcoded authentication bypass in the QR code scanning functionality, allowing unauthenticated remote attackers to bypass hash verification by sending the hash para...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:30 p.m.6 views

CVE-2026-42092

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS5.8AI score0.00219EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/04 4:34 p.m.15 views

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation formerly Central is a secure, server-based managed file transfer MFT solution used to schedule and automate file...

9.8CVSS5.9AI score0.05633EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/04 4:16 p.m.140 views

mediatek-mt8365-preloader-exploit

Analysis of Preloader Vulnerabilities in MediaTek MT8365 MT81...

6.6CVSS7.2AI score0.00147EPSS
Exploits1
NVD
NVD
added 2026/05/04 3:16 p.m.11 views

CVE-2026-33007

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.3CVSS0.00514EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 3:16 p.m.4 views

ALPINE-CVE-2026-33006

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8CVSS5.8AI score0.00557EPSS
Exploits1References1
NVD
NVD
added 2026/05/04 3:16 p.m.13 views

CVE-2026-33006

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8CVSS0.00557EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 3:16 p.m.5 views

DEBIAN-CVE-2026-33006

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8CVSS5.8AI score0.00557EPSS
Exploits1References1
Microsoft Secure
Microsoft Secure
added 2026/05/04 3:0 p.m.17 views

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

In this article 1. Multi-step social engineering campaign leading to credential theft 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Hunting queries 5. Indicators of compromise Phishing campaigns continue to improve sophistication and refinement in blending social...

5.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/04 3:0 p.m.8 views

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

In this article 1. Multi-step social engineering campaign leading to credential theft 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Hunting queries 5. Indicators of compromise Phishing campaigns continue to improve sophistication and refinement in blending social...

5.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/04 2:42 p.m.7 views

CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.8AI score0.00557EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 2:42 p.m.11 views

CVE-2026-33006

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.8AI score0.00557EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/04 2:42 p.m.8 views

EUVD-2026-26961

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8CVSS5.8AI score0.00557EPSS
Exploits1References1
CVE
CVE
added 2026/05/04 2:42 p.m.188 views

CVE-2026-33006

The CVE-2026-33006 issue affects Apache HTTP Server 2.4.66 and its mod_auth_digest component. A timing-based flaw allows a remote attacker to bypass Digest authentication. The known remediation is upgrading to Apache HTTP Server 2.4.67, which fixes the vulnerability. The NVD entry documents a MED...

4.8CVSS5.8AI score0.00557EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/04 2:42 p.m.8 views

CVE-2026-33006

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8CVSS5.8AI score0.00557EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/05/04 2:42 p.m.4 views

CVE-2026-33006

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8CVSS5.8AI score0.00557EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/04 2:42 p.m.99 views

CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

0.00557EPSS
Exploits1References1
Rows per page
Query Builder