Lucene search
K

2774 matches found

Nuclei
Nuclei
added yesterday18 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS6.1AI score0.02663EPSS
Exploits3References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59218 Open WebUI: Account enumeration via observable login timing discrepancy

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than...

5.3CVSS0.0024EPSS
Exploits0References4
CVE
CVE
added 5 days ago16 views

CVE-2026-51926

The vulnerability (CVE-2026-51926) affects docuForm FSM Client v11.11c. The login.php authentication mechanism enables user enumeration: an attacker can distinguish valid from invalid usernames by differences in server responses, enabling identification of existing accounts. This information coul...

7.5CVSS6AI score0.0036EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-53729

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS0.00391EPSS
Exploits0References3
NVD
NVD
added last week7 views

CVE-2026-55435

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret...

5.4CVSS0.00315EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/06 9:46 p.m.6 views

Brute Force

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Brute Force in the authentication process. An attacker can gain unauthorized access to administrative functions by sending repeated login attempts with different values in the...

7.3CVSS6AI score0.00515EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/06 8:56 p.m.5 views

CVE-2026-8925

A flaw was found in curl. The logic handling SASL Simple Authentication and Security Layer authentication could lead to a double-free vulnerability. This occurs because the GSASL context may be deallocated twice without clearing the pointer, potentially leading to memory corruption. An attacker...

9.8CVSS6AI score0.0108EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/07/06 8:0 p.m.34 views

CVE-2026-55727

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS0.00291EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:0 p.m.7 views

CVE-2026-55727

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS5.9AI score0.00291EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 4:16 p.m.8 views

CVE-2026-58455

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit after an authentication redirect in loader.php combined with unsanitized input passed to shellexec in...

9.8CVSS0.0119EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 9:18 a.m.6 views

WordPress Sendcloud Shipping plugin <= 1.0.31 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Sendcloud Shipping versions = 1.0.31...

5.3CVSS5.9AI score0.00184EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2026/06/30 5:4 a.m.16 views

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 CVSS score: 9.8, refers to an improper privilege management and authentication flaw in Oracle Payments that could be...

9.8CVSS6AI score0.00677EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Apache Tomcat 10.1.0.M1 < 10.1.56 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.56. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.56security-10 advisory. - Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the...

9.1CVSS6.1AI score0.00455EPSS
Exploits1References14
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 11:29 p.m.20 views

CVE-2026-9222

The CVE-2026-9222 entry concerns the Setracker2 Android Companion App (package com.tgelec.setracker) version 3.1.5 and earlier. The underlying issue is authentication that accepts a password hash in lieu of a password when contacting backend services, enabling an attacker who knows the hash to au...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 11:53 a.m.11 views

CVE-2026-56237

CVE-2026-56237 — Capgo : Capgo prior to 12.128.2 has a broken authentication vulnerability in its API key generation. API keys are exposed in frontend requests, and the backend does not validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the ...

9.3CVSS6AI score0.00293EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/24 6:38 a.m.15 views

USN-8457-2: MySQL vulnerabilities

USN-8457-1 fixed several vulnerabilities in MySQL. This update provides the corresponding fixes for MySQL on Ubuntu 20.04 LTS Original advisory details: It was discovered that MySQL Router incorrectly handled repeated TLS protocol upgrade requests. An unauthenticated remote attacker could possibl...

7.5CVSS5.9AI score0.00471EPSS
Exploits0
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS0.0015EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/21 3:15 a.m.7 views

CVE-2026-12773 BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/20 12:14 a.m.12 views

EUVD-2026-38098

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References2
Rows per page
Query Builder