Lucene search
K

5 matches found

NVD
NVD
added 2026/06/16 12:16 p.m.10 views

CVE-2026-12225

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

8.7CVSS0.00481EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/12 12:58 p.m.24 views

CVE-2026-2513 Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

8.6CVSS0.00286EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/25 10:2 p.m.8 views

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

9.1CVSS5.4AI score0.00428EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/06/09 6:0 a.m.62 views

CVE-2025-4652

CVE-2025-4652 concerns the Broadstreet WordPress plugin (prior to 1.51.8). The issue is a reflected XSS caused by not sanitising/escaping a parameter before outputting it on the page, which could be exploited against high privilege users (e.g., admins). The evidence consistently notes the vulnera...

6.1CVSS5.8AI score0.00468EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/08/17 7:15 p.m.2 views

CVE-2020-1582

A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

7.8CVSS7.7AI score0.02678EPSS
Exploits0References1
Rows per page
Query Builder