Lucene search
K

510 matches found

NVD
NVD
added 2026/04/27 7:16 p.m.5 views

CVE-2026-35902

The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication...

6.2CVSS0.00178EPSS
Exploits1References1
CVE
CVE
added 2026/04/27 12:0 a.m.14 views

CVE-2026-35902

The CVE covers the RTSP service of the Mercury IP camera MIPC252W (firmware 1.0.5 Build 230306). The issue arises when handling failed Digest authentication attempts: repeatedly sending RTSP requests with invalid credentials can push the RTSP service into a persistent authentication failure state...

6.2CVSS5.4AI score0.00178EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 9:16 p.m.5 views

CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

8.7CVSS5.8AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 9:16 p.m.15 views

CVE-2026-40945

Oxia (metadata store/coordination system) is affected prior to version 0.16.2. When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext, potentially exposing JWT tokens in application logs and any connected log aggregation systems if DEBUG logging is enabled in ...

8.7CVSS5.8AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 9:16 p.m.29 views

CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

8.7CVSS0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle for running multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...

7.5CVSS5.8AI score0.00107EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 11:14 p.m.11 views

Oxia exposes bearer token in debug log messages on authentication failure

Summary When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact An attacker with access to application logs e.g., via a...

8.7CVSS5.9AI score0.00308EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.5 views

CVE-2025-13914

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS0.00281EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

fast-jwt 安全漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt prior to 6.2.1 contained a security vulnerability. This vulnerability stemmed from the use of regular expression objects with state modifiers in certain options of the verify function, which could cause 50%...

5.3CVSS5.8AI score0.00383EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/08 4:37 p.m.6 views

CVE-2025-14243

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation. Mitigation Mitigation for this issue is either not...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 6:42 p.m.8 views

GO-2026-4872 Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core

Ella Core Panics during NAS Authentication Response/Failure with missing IEs in github.com/ellanetworks/core...

6.5CVSS5.9AI score0.00236EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/31 11:59 p.m.15 views

OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication

Summary Nextcloud Talk webhook signature failures were not throttled even though the integration relies on an operator-configured shared secret that may be weak. Impact An attacker who could reach the webhook endpoint could brute-force weak secrets online and then forge inbound webhook events...

6.5CVSS5.8AI score0.00365EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/30 10:16 p.m.6 views

CVE-2026-33995

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c can cause a crash in any FreeRDP clients on systems where...

5.3CVSS0.00282EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 9:43 p.m.8 views

CVE-2026-33995

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c can cause a crash in any FreeRDP clients on systems where...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/30 9:43 p.m.17 views

CVE-2026-33995

CVE-2026-33995 describes a double-free vulnerability in FreeRDP’s Kerberos handling (WinPR, kerbors/kerberos.c) affecting pre-3.24.2 builds. Specifically, double-free occurs in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() during NLA teardown when Kerberos/U2U is conf...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/30 9:43 p.m.5 views

CVE-2026-33995 FreeRDP: Possible double free in kerberos_AcceptSecurityContext

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c can cause a crash in any FreeRDP clients on systems where...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References4
NVD
NVD
added 2026/03/27 9:17 p.m.10 views

CVE-2026-33907

Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing IEs. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all...

6.5CVSS0.00236EPSS
Exploits0References3
NVD
NVD
added 2026/03/27 3:16 p.m.5 views

CVE-2026-33758

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...

9.6CVSS0.00287EPSS
Exploits0References7
CVE
CVE
added 2026/03/27 8:10 a.m.19 views

CVE-2025-59028

CVE-2025-59028 affects Dovecot’s authentication path where invalid base64 SASL data can disconnect from the auth server, causing DoS of concurrent logins. Public advisories (openSUSE/SUSE openSUSE:20554-1, SLES16 SUSE-SU-2026:21208-1, Ubuntu USN-8136-1) indicate the issue in the dovecot24 package...

7.5CVSS5.9AI score0.00447EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/03/26 10:15 p.m.11 views

GHSA-55Q8-2GWX-29PC Ella Core Panics during NAS Authentication Response/Failure with missing IEs

Summary Ella Core panics when processing Authentication Response and Authentication Failure NAS message missing IEs. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Fi...

6.5CVSS5.9AI score0.00236EPSS
Exploits0References5
Rows per page
Query Builder