Lucene search
K

508 matches found

CVE
CVE
added 2026/01/23 11:1 p.m.14 views

CVE-2026-24127

CVE-2026-24127 pertains to Typemill, a flat-file CMS. A reflected XSS vulnerability exists in the login error view template login.twig affecting versions 2.19.1 and earlier, where the username value is echoed back without proper contextual encoding during failed authentication. This could allow a...

6.1CVSS5.5AI score0.00254EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/01/22 10:37 p.m.13 views

CVE-2025-53968

CVE-2025-53968 involves unlimited authentication attempts allowing DoS and brute-force access. Connected sources describe an unauthenticated WebSocket endpoint and potential multiple concurrent connections using the same charging station ID, enabling DoS or data/session inconsistencies. Remediati...

7.5CVSS5.6AI score0.00376EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.10 views

Delta Electronics DIAView 安全漏洞

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References1
CVE
CVE
added 2026/01/14 11:53 a.m.29 views

CVE-2025-66005

InputPlumber’s InputManager D‑Bus interface lacks authorization in versions before v0.63.0, allowing local impact in the active user session: Denial‑of‑Service, information disclosure, or privilege escalation. Affected component: InputPlumber (InputManager D‑Bus). Root cause: missing authorizatio...

8.5CVSS6.3AI score0.002EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:21 p.m.7 views

CVE-2018-14705

In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these...

10CVSS6.7AI score0.01853EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.11 views

CVE-2021-27569

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic...

5.3CVSS7AI score0.00637EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.6 views

CVE-2021-33658

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration...

7.8CVSS7.2AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.8 views

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/07 11:57 p.m.4 views

Missing Authentication for Critical Function

Overview wolfssl is a Python module that encapsulates wolfSSL's C SSL/TLS library. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper enforcement of client certificate requirements in the CERTREQUIRED process. An attacker can gain...

9.3CVSS6.8AI score0.00272EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/01 6:30 a.m.8 views

Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/01 4:39 a.m.2 views

CVE-2025-69413

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-1000

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.2 Description Gitea versions before 1.25.2 are affected by an issue where the /api/v1/user endpoint provides differing responses for authentication failures based on the existence of a username. Specifically, the...

5.3CVSS6.7AI score0.00356EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.3 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 11.1.0 and prior to 11.1.x, 11.0.5 and prior to 11.0.x, 10.12.3 and prior to 10.12.x, and 10.11.7 and prior to 10.11.x, which stems from a failure...

4.3CVSS6.2AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/26 8:50 a.m.3 views

CVE-2025-59390 Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly.

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

6.8AI score0.00597EPSS
Exploits0References1
OSV
OSV
added 2025/11/10 6:54 p.m.4 views

MGASA-2025-0272 Updated strongswan packages fix security vulnerability

Buffer Overflow When Handling EAP-MSCHAPv2 Failure Requests. CVE-2025-62291...

8.1CVSS5.8AI score0.00879EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.3 views

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

6.1AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.5 views

PT-2025-43990

Name of the Vulnerable Software and Affected Versions BAE SOCET GXP versions prior to 4.6.0.2 Description The SOCET GXP Job Status Service does not properly authenticate requests. This can allow remote or local users to perform actions, such as aborting jobs or reading information, without the...

6.5CVSS6.4AI score0.0023EPSS
Exploits0References4
CVE
CVE
added 2025/10/27 12:0 a.m.19 views

CVE-2025-54970

BAE Systems SOCET GXP prior to version 4.6.0.2 contains a vulnerability in the Job Status Service where requests are not authenticated. In affected configurations, remote or local users may abort jobs or read information without the job owner’s permissions. The issue is documented across multiple...

6.5CVSS6.1AI score0.0023EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/27 12:0 a.m.6 views

EUVD-2025-36207

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

5.9AI score0.0023EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.6 views

Siemens SIMATIC ET 200SP Communication Processors Missing Authentication For Critical Function (CVE-2025-40771)

Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900...

9.8CVSS5.5AI score0.00485EPSS
Exploits0References4
Rows per page
Query Builder