Lucene search
K

221 matches found

Vulnrichment
Vulnrichment
added 2025/08/14 12:0 a.m.5 views

CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...

7.3AI score0.00402EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/17 9:1 p.m.6 views

CVE-2025-49831

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...

9.8CVSS7.3AI score0.01156EPSS
Exploits0References1
NVD
NVD
added 2025/07/15 9:15 p.m.8 views

CVE-2025-49831

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...

9.8CVSS0.01156EPSS
Exploits0References4
OSV
OSV
added 2025/07/15 8:10 p.m.7 views

CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...

9.1CVSS7.8AI score0.01156EPSS
Exploits0References6
Veracode
Veracode
added 2025/06/24 12:28 a.m.10 views

NTLM Hash Exposure

dnn.platform is vulnerable to NTLM hash exposure. The vulnerability is due to improper handling of authentication requests, allowing malicious interactions to redirect NTLM authentication hashes to an attacker-controlled SMB server...

8.6CVSS7.3AI score0.29345EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.11 views

CVE-2024-20481

A vulnerability in the Remote Access VPN RAVPN service of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS of the RAVPN service. This vulnerability is due to resource...

5.8CVSS7.5AI score0.15953EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:44 p.m.14 views

CVE-2020-5893

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection...

4.3CVSS7.1AI score0.00561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:29 a.m.8 views

CVE-2019-1322

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340...

7.8CVSS9.6AI score0.19205EPSS
Exploits25References1
Cisco
Cisco
added 2025/05/21 4:0 p.m.15 views

Cisco Identity Services Engine RADIUS Denial of Service Vulnerability

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker...

8.6CVSS7.6AI score0.00667EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:41 p.m.10 views

CVE-2025-20150

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...

5.3CVSS7.2AI score0.00496EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/25 12:0 a.m.5 views

Cisco Nexus Dashboard LDAP Username Enumeration (cisco-sa-nd-unenum-2xFFh472)

According to its self-reported version, Cisco Nexus Dashboard LDAP Username Enumeration is affected by a vulnerability. - A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of...

5.3CVSS5.6AI score0.00496EPSS
Exploits0References3
NVD
NVD
added 2025/04/16 4:15 p.m.12 views

CVE-2025-20150

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...

5.3CVSS0.00496EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 4:7 p.m.7 views

CVE-2025-20150 Cisco Nexus Dashboard Username Enumeration Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...

5.3CVSS5.5AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 4:7 p.m.14 views

CVE-2025-20150 Cisco Nexus Dashboard Username Enumeration Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...

5.3CVSS0.00496EPSS
Exploits0References1
Cisco
Cisco
added 2025/04/16 4:0 p.m.11 views

Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...

5.3CVSS7.4AI score0.00496EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/04 2:27 a.m.10 views

Improper JWT Signature Validation

jupyterhub-ltiauthenticator is vulnerable to improper JWT signature validation. The vulnerability is due to missing JWT signature validation in LTI13Authenticator, allowing forged authentication requests to be accepted...

10CVSS6.8AI score0.00328EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.5 views

Sitevision 安全漏洞

Sitevision is a content management system CMS from the Swedish company Sitevision. A security vulnerability exists in Sitevision version 10.3.1 and earlier, which stems from a vulnerability that allows a remote attacker to access the private key used to sign SAML Authn requests under certain...

5.1CVSS6.7AI score0.00241EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/31 12:0 a.m.3 views

Trend Micro ID Security 安全漏洞

Trend Micro ID Security is an all-in-one ad blocker, password manager, and privacy-enhancing browser extension from Trend Micro. A security vulnerability exists in Trend Micro ID Security 3.0 and prior versions, which stems from a vulnerability that could allow an attacker to send an unlimited...

8.2CVSS6.8AI score0.00293EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/10/31 12:0 a.m.13 views

Cisco Adaptive Security Appliance Remote Access VPN Brute Force DoS (cisco-sa-asaftd-bf-dos-vDZhLqrW)

According to its self-reported version, Cisco Adaptive Security Appliance ASA Software is affected by a vulnerability. - A vulnerability in the Remote Access VPN RAVPN service of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an...

5.8CVSS6.2AI score0.15953EPSS
Exploits0References5
OSV
OSV
added 2024/10/25 7:15 a.m.8 views

CVE-2024-47406

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability...

9.8CVSS5.8AI score0.00599EPSS
Exploits0References3
Rows per page
Query Builder