Lucene search
K

3063 matches found

CNNVD
CNNVD
added 2026/04/03 12:0 a.m.15 views

Amazon Athena ODBC driver 安全漏洞

The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.1.0.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient security controls in the browser-based...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30190

immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...

6.3CVSS5.8AI score0.00449EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/01 9:36 p.m.5 views

EUVD-2026-18017

Payload has a CSRF Protection Bypass in Authentication Flow...

5.4CVSS5.9AI score0.00129EPSS
Exploits0References3
CVE
CVE
added 2026/04/01 2:44 p.m.14 views

CVE-2026-4829

Summary: CVE-2026-4829 affects Devolutions Server versions up to 2026.1.11 (and earlier) and relates to improper authentication in the external OAuth flow. An authenticated user can authenticate as other users, including administrators, by reusing a session code from an external authentication fl...

5.4CVSS5.9AI score0.00167EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 3:31 p.m.16 views

Duplicate Advisory: OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9528-x887-j2fp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication...

6.5CVSS5.8AI score0.00365EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/31 12:0 a.m.12 views

Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in...

8.2CVSS5.9AI score0.00324EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 8:6 p.m.2 views

CVE-2026-34046 Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enable...

8.7CVSS5.9AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 12:43 a.m.2 views

CVE-2026-33935 MyTube has Unauthenticated Account Lockout via Shared Login Attempt State

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS5.9AI score0.00543EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/03/27 12:43 a.m.28 views

CVE-2026-33935 MyTube has Unauthenticated Account Lockout via Shared Login Attempt State

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS0.00543EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.9 views

WordPress plugin Smart Slider 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS7.6AI score0.00484EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.5 views

CVE-2025-15515

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage...

6.9CVSS5.8AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33288

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize...

8.8CVSS6.1AI score0.0044EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.10 views

WordPress plugin Jobica Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/24 7:18 p.m.2 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

6.9CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/03/24 4:16 p.m.6 views

CVE-2025-71275

Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519...

0.00462EPSS
Exploits3
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

Blinko 安全漏洞

Blinko is an open-source AI-based card-based note-taking application designed for users who want to quickly capture and organize fleeting ideas. Versions of Blinko prior to 1.8.4 contained security vulnerabilities. These vulnerabilities stemmed from deficiencies in the upsertUser endpoint,...

8.8CVSS5.8AI score0.00343EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/22 8:52 p.m.201 views

Exploit for CVE-2026-24516

CVE-2026-24516-DigitalOcean-RCE Critical Pre-Auth Root RCE CV...

5.9AI score0.02502EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:42 p.m.9 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages.

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has a...

8.9CVSS6.9AI score0.00689EPSS
Exploits3Affected Software1
CVE
CVE
added 2026/03/20 4:21 p.m.51 views

CVE-2026-22898

The CVE-2026-22898 entry concerns QVR Pro with a missing authentication for a critical function. Affected component is the QVR Pro software; remote attackers could gain system access due to insufficient authentication. The vulnerability carries a CVSS v4.0 base score of 9.3 (CRITICAL) with networ...

9.8CVSS5.9AI score0.00683EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/20 10:16 a.m.5 views

CVE-2026-33124

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...

8.8CVSS0.00247EPSS
Exploits0References2
Rows per page
Query Builder