UbuntuCve, added 2026/03/03 1:16 p.m.

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the LXD server...

CVSS 5.3, AI score 7.2, EPSS 0.00141
Exploits: 1, References: 4
ATTACKERKB, added 2026/02/27 4:44 p.m.

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request: $pid = $_REQUEST['pid'] ?? $pid and $pid = $_REQUEST['hiddenpatientcode'] ?? null 0 ?...

CVSS 7.1, AI score 5.9, EPSS 0.0022
Exploits: 1, References: 3, Affected software: 1
EUVD, added 2026/02/27 12:31 p.m.

EUVD-2026-9024

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVSS 9.8, AI score 5.9, EPSS 0.00352
Exploits: 0, References: 3
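The PluXml entry above describes textbook session fixation: the server keeps using a session id that existed before login, so an attacker who planted that id in the victim's browser owns the authenticated session afterwards. The following is an added illustration, not PluXml code, written against a constructed in-memory session store; the function names (begin_session, login_keep_sid, login_regenerate_sid, run_fixation_attack) are assumptions for this example. It replays the attack against both a login that keeps the sid and one that regenerates it at the privilege change.

```python
import secrets
from typing import Callable, Dict, Optional

# Server-side session table: sid -> session data (constructed, in memory only).
Sessions = Dict[str, dict]


def begin_session(sessions: Sessions, client_sid: Optional[str]) -> str:
    """Pre-auth request handling. A sid presented by the client is reused; an
    unknown one is adopted as-is. Note that even a server that only accepts sids
    it issued itself is exposed to fixation, because the attacker can simply
    obtain a legitimate sid first and plant that one."""
    if client_sid is not None:
        sessions.setdefault(client_sid, {})
        return client_sid
    sid = secrets.token_hex(16)
    sessions[sid] = {}
    return sid


def login_keep_sid(sessions: Sessions, sid: str, username: str) -> str:
    """Vulnerable login: authenticates in place, the sid is unchanged after login."""
    sessions[sid]["user"] = username
    return sid


def login_regenerate_sid(sessions: Sessions, sid: str, username: str) -> str:
    """Fixed login: mint a fresh server-generated sid at the privilege change and
    invalidate the pre-auth one, so a sid known before login is worthless after it."""
    data = sessions.pop(sid, {})
    data["user"] = username
    new_sid = secrets.token_hex(16)
    sessions[new_sid] = data
    return new_sid


def authenticated_user(sessions: Sessions, sid: str) -> Optional[str]:
    """Who the server believes is behind a request carrying this cookie."""
    return sessions.get(sid, {}).get("user")


def run_fixation_attack(login: Callable[[Sessions, str, str], str]) -> bool:
    """Replays the scenario in the advisory. Returns True if the hijack works."""
    sessions: Sessions = {}
    attacker_sid = begin_session(sessions, None)      # attacker obtains a valid sid
    # ...and plants it in the victim's browser (cookie injection, crafted link, etc.)
    victim_sid = begin_session(sessions, attacker_sid)  # victim arrives with that cookie
    victim_sid = login(sessions, victim_sid, "victim")  # victim authenticates
    # Attacker now presents the sid they chose; the victim's new sid, if any, is unknown to them.
    return authenticated_user(sessions, attacker_sid) == "victim"


if __name__ == "__main__":
    print("hijack with sid kept after login     :", run_fixation_attack(login_keep_sid))
    print("hijack with sid regenerated at login :", run_fixation_attack(login_regenerate_sid))
```

The defensive property to check in a real application is the second line of output: after a successful login, the pre-auth identifier must no longer resolve to any session, which is what session_regenerate_id(true) in PHP or the equivalent in other frameworks provides.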
OSV, added 2026/02/26 10:00 p.m.

CVE-2026-27835 wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data

wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet return all users' repetition config data because their get_queryset() calls .all() instead of filtering by the authenticated user. Any registered user...

CVSS 4.3, AI score 5.8, EPSS 0.00257
Exploits: 1, References: 4
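Both the wger entry above (a Django get_queryset() that returns .all()) and the OpenEMR entry earlier on this page (a patient id read from the request rather than the session) are object-level authorization failures: the record to act on is chosen by the client, and nothing ties it to the caller. The following is an added example, not code from either project, built on an in-memory SQLite table that stands in for the RepetitionsConfig model; the table, rows, user ids and function names are constructed for the illustration. It shows the unscoped and scoped queryset side by side and why scoping the queryset also fixes the detail endpoint.

```python
import sqlite3
from typing import Optional

# Constructed sample rows: (id, user_id, reps). Users 101 and 202 each own one config.
SAMPLE_ROWS = [(1, 101, 8), (2, 202, 12)]


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for the RepetitionsConfig model (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE repetitions_config ("
        "id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, reps INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO repetitions_config VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def queryset_all(conn: sqlite3.Connection, current_user_id: int) -> list:
    """Vulnerable pattern: get_queryset() returning Model.objects.all().
    The authenticated user is available but never used to restrict the rows."""
    return conn.execute("SELECT id, user_id, reps FROM repetitions_config").fetchall()


def queryset_for_user(conn: sqlite3.Connection, current_user_id: int) -> list:
    """Fixed pattern: scope the queryset to the caller (.filter(user=request.user))."""
    return conn.execute(
        "SELECT id, user_id, reps FROM repetitions_config WHERE user_id = ?",
        (current_user_id,),
    ).fetchall()


def retrieve(conn, current_user_id: int, object_id: int, queryset_fn) -> Optional[tuple]:
    """Detail endpoint: the object is looked up inside the queryset (as DRF's get_object
    does), so whether a client-chosen id reaches another user's row depends on queryset_fn."""
    for row in queryset_fn(conn, current_user_id):
        if row[0] == object_id:
            return row
    return None


def foreign_rows(rows: list, current_user_id: int) -> list:
    """Rows in a response that belong to someone other than the caller, i.e. the leak."""
    return [r for r in rows if r[1] != current_user_id]


# OpenEMR-style variant of the same bug: the record selector is read from the request,
# with the session value only as a fallback, so the client decides whose page is shown.
def patient_id_from_request(session: dict, request: dict) -> Optional[int]:
    return request.get("pid", session.get("pid"))


def patient_id_from_session(session: dict, request: dict) -> Optional[int]:
    """Fixed: the identifier that selects the record comes from the authenticated session."""
    return session.get("pid")


if __name__ == "__main__":
    db = make_db()
    print("list as user 101, unscoped      :", queryset_all(db, 101))
    print("list as user 101, scoped        :", queryset_for_user(db, 101))
    print("user 101 fetches id 2, unscoped :", retrieve(db, 101, 2, queryset_all))
    print("user 101 fetches id 2, scoped   :", retrieve(db, 101, 2, queryset_for_user))
    print("pid with request override       :", patient_id_from_request({"pid": 7}, {"pid": 9}))
    print("pid from session only           :", patient_id_from_session({"pid": 7}, {"pid": 9}))
```

A quick regression check for any viewset of this kind is the foreign_rows test: authenticate as one user, list the endpoint, and assert that no returned row carries another user's id.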
NVD, added 2026/02/25 5:25 p.m.

CVE-2026-3192

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function authenticate of the file rpcserverbase.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack can be carried out remotely. The attack ...

CVSS 8.1, EPSS 0.00561
Exploits: 1, References: 3
Positive Technologies, added 2026/02/20 12:00 a.m.

PT-2026-21313

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to...

CVSS 6.5, AI score 5.7, EPSS 0.00249
Exploits: 1, References: 4
Snyk, added 2026/02/10 7:54 p.m.

Permissive List of Allowed Inputs

Overview Affected versions of this package are vulnerable to Permissive List of Allowed Inputs due to incorrect handling of string termination in the GSSAPI standard during authentication on Linux and macOS. An attacker can cause an application crash or leak information by triggering a read...

CVSS 6.9, AI score 5.7, EPSS 0.00223
Exploits: 0, References: 2
NVD, added 2026/02/09 11:16 a.m.

CVE-2026-24098

Apache Airflow versions 3.0.0 - 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they do not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

CVSS 6.5, EPSS 0.00739
Exploits: 0, References: 3
Tenable Nessus, added 2026/02/09 12:00 a.m.

RHEL 8 : libsoup (RHSA-2026:2215)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2215 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Signed to Unsigned Conversion Error Leadi...

CVSS 8.6, AI score 6.5, EPSS 0.00947
Exploits: 0, References: 6
OSV, added 2026/01/27 6:20 p.m.

MGASA-2026-0021 Updated iperf packages fix security vulnerabilities

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow (CVE-2025-54349). In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt (CVE-2025-54350)...

CVSS 10.0, AI score 6.1, EPSS 0.00385
Exploits: 0, References: 3
SUSE Linux, added 2026/01/23 7:08 a.m.

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication (bsc#1256399). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run...

CVSS 9.2, AI score 5.9, EPSS 0.00557
Exploits: 0, References: 4
FreeBSD, added 2026/01/21 12:00 a.m.

Gitlab -- vulnerabilities

Gitlab reports: Denial of Service issue in Jira Connect integration impacts GitLab CE/EE; Incorrect Authorization issue in Releases API impacts GitLab CE/EE; Unchecked Return Value issue in authentication services impacts GitLab CE/EE; Infinite Loop issue in Wiki redirects impacts GitLab CE/EE; Denia...

CVSS 7.5, AI score 5.8, EPSS 0.00846
Exploits: 0, References: 1
Tenable Nessus, added 2026/01/20 12:00 a.m.

MiracleLinux 8 : java-17-openjdk-17.0.9.0.9-2.el8 (AXSA:2023-6546:18)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6546:18 advisory. OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121, CVE-2023-22025); OpenJDK: certificate path validation issue during client authenticatio...

CVSS 5.3, AI score 8.2, EPSS 0.014
Exploits: 0, References: 3
Tenable Nessus, added 2026/01/14 12:00 a.m.

MiracleLinux 4 : wireshark-1.2.15-2.AXS4.1 (AXSA:2012-539:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-539:02 advisory. Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library,...

CVSS 4.3, AI score 7.7, EPSS 0.0859
Exploits: 10, References: 16
Patchstack, added 2026/01/09 10:10 p.m.

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability discovered by theviper17y in WordPress Plugin Blog2Social versions <= 8.7.2...

CVSS 4.3, AI score 6.9, EPSS 0.00193
Exploits: 0, References: 1, Affected software: 1
RedhatCVE, added 2026/01/09 12:40 p.m.

CVE-2023-43137

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points...

CVSS 8.8, AI score 7.5, EPSS 0.02062
Exploits: 1, References: 1
RedhatCVE, added 2026/01/09 12:32 p.m.

CVE-2023-4297

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...

CVSS 4.3, AI score 6.7, EPSS 0.00637
Exploits: 2, References: 1
RedhatCVE, added 2026/01/09 12:29 p.m.

CVE-2023-40393

An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication...

CVSS 7.5, AI score 5.9, EPSS 0.0058
Exploits: 0, References: 1
RedhatCVE, added 2026/01/09 12:10 p.m.

CVE-2018-18891

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete= because the authentication check occurs too late...

CVSS 7.5, AI score 7.1, EPSS 0.01175
Exploits: 1, References: 1
RedhatCVE, added 2026/01/09 12:01 p.m.

CVE-2018-19411

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account including administrator via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights...

CVSS 8.8, AI score 6.8, EPSS 0.0087
Exploits: 0, References: 1
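The MiniCMS entry (authentication check performed after the delete has already happened) and the PRTG entry (an /api/addusers handler that never checks the caller's rights, letting a read-only account create an administrator) are the two ways a function-level access check fails: it runs too late, or it is absent. The following is an added example, not code from either product, against a constructed in-memory State with a small role hierarchy; the handler names, the status codes returned and the ROLE_RANK table are assumptions for the illustration. Each vulnerable handler is shown beside the version that checks first and refuses to grant a role above the caller's own.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed role hierarchy; higher rank means more privilege.
ROLE_RANK = {"read-only": 0, "read-write": 1, "admin": 2}


@dataclass
class State:
    """Constructed application state: accounts with roles, and stored posts."""
    users: Dict[str, str] = field(
        default_factory=lambda: {"alice": "admin", "bob": "read-only"}
    )
    files: Set[str] = field(default_factory=lambda: {"post-1.md"})


@dataclass
class Request:
    session_user: Optional[str]   # None means no authenticated session
    params: Dict[str, str]


# --- MiniCMS-style bug: the check exists but runs after the side effect -----------
def delete_post_late_check(state: State, req: Request) -> int:
    state.files.discard(req.params["name"])   # destructive action first...
    if req.session_user is None:              # ...authentication verified too late
        return 302                            # redirect to login; the file is already gone
    return 200


def delete_post_checked_first(state: State, req: Request) -> int:
    if req.session_user is None:
        return 302                            # nothing has changed yet
    state.files.discard(req.params["name"])
    return 200


# --- PRTG-style bug: the endpoint never checks the caller's rights ----------------
def add_user_unchecked(state: State, req: Request) -> int:
    state.users[req.params["name"]] = req.params["role"]
    return 201


def add_user_checked(state: State, req: Request) -> int:
    caller_role = state.users.get(req.session_user or "")
    if caller_role is None:
        return 401                            # unauthenticated or unknown account
    requested_role = req.params.get("role")
    if requested_role not in ROLE_RANK:
        return 400
    # Only administrators manage accounts, and nobody may grant a role that
    # outranks their own (the second clause matters once more roles are added).
    if ROLE_RANK[caller_role] < ROLE_RANK["admin"]:
        return 403
    if ROLE_RANK[requested_role] > ROLE_RANK[caller_role]:
        return 403
    state.users[req.params["name"]] = requested_role
    return 201


if __name__ == "__main__":
    anon_delete = Request(None, {"name": "post-1.md"})
    s = State(); delete_post_late_check(s, anon_delete)
    print("late check, file survives      :", "post-1.md" in s.files)
    s = State(); delete_post_checked_first(s, anon_delete)
    print("check first, file survives     :", "post-1.md" in s.files)

    escalate = Request("bob", {"name": "mallory", "role": "admin"})
    s = State(); print("unchecked add_user status      :", add_user_unchecked(s, escalate), s.users)
    s = State(); print("checked add_user status        :", add_user_checked(s, escalate), s.users)
```

When reviewing a handler for either bug, the question to ask of each state-changing statement is simply which checks are guaranteed to have run before it; a check that appears anywhere in the function is not enough.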