Lucene search
K

3059 matches found

EUVD
EUVD
added 2026/04/15 6:31 p.m.7 views

EUVD-2026-22964

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 11:15 a.m.8 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the authentication process. An attacker can modify a user's authentication method by tricking the user into visiting a malicious page. Remediation Upgrade...

8.1CVSS5.8AI score0.00129EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

Maddy Mail Server 安全漏洞

Maddy Mail Server is a modular and integrated email server developed by Russian developer Max Mazurov. Versions of Maddy Mail Server prior to 0.9.3 contained security vulnerabilities. These vulnerabilities stemmed from the auth.ldap module, where the username provided by the user was inserted int...

8.2CVSS5.8AI score0.00419EPSS
Exploits1References2
CVE
CVE
added 2026/04/14 8:5 p.m.11 views

CVE-2026-40683

Keystone (OpenStack) LDAP identity backend vulnerability CVE-2026-40683: before 28.0.1, the user_enabled_invert setting is not applied when False, causing non-empty string values like 'FALSE' to be treated as enabled; this permits authentication and actions for users disabled in LDAP. All deploym...

7.7CVSS5.8AI score0.00317EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/14 8:5 p.m.27 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS0.00317EPSS
Exploits0References4
NVD
NVD
added 2026/04/14 4:16 p.m.3 views

CVE-2026-22574

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...

6.5CVSS0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 3:38 p.m.3 views

CVE-2026-22576

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...

4.3CVSS5.8AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.6 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant developed under the OpenClaw open source project. There is a security vulnerability in OpenClaw, which stems from improper implementation of the authentication function. This vulnerability may allow for bypass of authentication processes...

7.4CVSS7.1AI score0.00671EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/10 7:39 p.m.4 views

EUVD-2026-21585

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...

3.7CVSS5.8AI score0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/04/10 7:16 p.m.5 views

CVE-2026-33706

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the updateuserfromusername endpoint. A student status=5 can change their status to Teacher/CourseManager status=1, gaining course creation and management...

7.1CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 6:54 p.m.5 views

EUVD-2026-21563

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 8:26 p.m.43 views

CVE-2026-27949

Affected software: Plane (open‑source project management tool). Vulnerability: Before v1.3.0, the authentication flow exposed the user’s email address as a query parameter in the URL during error handling (e.g., invalid magic code submissions), revealing PII via GET queries. Location of root caus...

4.3CVSS6AI score0.00168EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:3 p.m.5 views

CVE-2026-39322

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

9.2CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

Papra 代码问题漏洞

Papra is an open-source document management and archiving platform developed by Papra. Versions of Papra prior to 26.4.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of verification of API keys with an expiresAt date during authentication. As a result, any API key...

4.3CVSS5.9AI score0.00239EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.22 views

Claude Code CLI和Claude Agent SDK 操作系统命令注入漏洞

Claude Code CLI and Claude Agent SDK are both open-source products developed by Anthropic. Claude Code CLI is a command-line AI coding assistant tool. Claude Agent SDK is a developer toolkit for AI coding assistants. Both Claude Code CLI and Claude Agent SDK have operating system command injectio...

6.2AI score0.00596EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.5 views

CVE-2026-34832

Scoold is a Q and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5CVSS5.9AI score0.00303EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/03 9:31 p.m.6 views

EUVD-2026-18841

A specific administrative endpoint notifications is accessible without proper authentication...

6.9CVSS5.9AI score0.00377EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.15 views

Amazon Athena ODBC driver 安全漏洞

The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.1.0.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient security controls in the browser-based...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30190

immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...

6.3CVSS5.8AI score0.00449EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/01 9:36 p.m.5 views

EUVD-2026-18017

Payload has a CSRF Protection Bypass in Authentication Flow...

5.4CVSS5.9AI score0.00129EPSS
Exploits0References3
Rows per page
Query Builder