Lucene search
+L

3077 matches found

Nuclei
Nuclei
added 12 hours ago155 views

phpIPAM - 1.6 - Cross-Site Scripting

phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6AI score0.03904EPSS
Exploits3References2
CVE
CVE
added 13 hours ago8 views

CVE-2026-16207

CVE-2026-16207 affects django-tastypie up to 0.15.1, specifically ApiKeyAuthentication in tastypie/authentication.py. The issue allows use of the GET method with sensitive query strings, enabling a remote attack. The reported attack is characterized by high complexity and low exploitability. The ...

6.3CVSS4.5AI score
Exploits0References6
NVD
NVD
added 2 days ago8 views

CVE-2024-23574

HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system...

5.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago38 views

CVE-2024-23574

HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system...

5.3CVSS0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2024-55667

HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago10 views

EUVD-2026-44982

A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler...

6.7CVSS6.1AI score0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-58682

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network...

8.8CVSS6.1AI score0.00538EPSS
Exploits0References1
OSV
OSV
added 6 days ago7 views

CVE-2026-61503 Rejetto HFS < 3.2.1 Username Enumeration via Login Response Differences

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...

6.9CVSS6.1AI score0.00343EPSS
Exploits0References5
NVD
NVD
added 2026/07/09 9:16 p.m.6 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

7.5CVSS0.0036EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/09 5:35 a.m.9 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS5.9AI score0.00415EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.7 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

7.5CVSS6AI score0.0036EPSS
Exploits0References3
Redos
Redos
added 2026/07/09 12:0 a.m.9 views

ROS-20260709-73-0026

The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

9.1CVSS6AI score0.00373EPSS
Exploits0
NVD
NVD
added 2026/07/06 5:16 p.m.14 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS0.00417EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 4:13 p.m.49 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...

8.7CVSS6AI score0.00561EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:12 p.m.4 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.00417EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-55950

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access versions prior to 26.2.1 BeyondTrust Remote Support and Privileged Remote Access versions prior to 25.3.3 Description A critical pre-authentication flaw exists in the authentication...

9.2CVSS6.2AI score0.00417EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55952

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.17 views

PT-2026-55951

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support affected versions not specified Description A critical pre-authentication flaw exists in the authentication subsystem. Improper processing of authentication requests allows an unauthenticated remote attacker to bypas...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References15
EUVD
EUVD
added 2026/07/04 7:15 p.m.10 views

EUVD-2026-41692

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function testinput of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to...

7.5CVSS6.8AI score0.00347EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 12:45 p.m.44 views

CVE-2026-14627 NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS0.00369EPSS
Exploits0References5
Rows per page
Query Builder