Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

161225 matches found

CVE
CVEadded 2026/06/09 7:34 a.m.23 views

CVE-2009-10007

CVE-2009-10007 affects Catalyst::Plugin::Authentication for Perl prior to 0.10_027. The vulnerability arises because the plugin does not automatically change the session id after authentication, enabling session fixation where an attacker with a valid session cookie can impersonate the victim. Do...

9.1CVSS5.5AI score0.00369EPSS
Exploits0References5
Debian CVE
Debian CVEadded 2026/06/09 7:34 a.m.8 views

CVE-2009-10007

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

9.1CVSS5.5AI score0.00369EPSS
Exploits0
NVD
NVDadded 2026/06/09 5:16 a.m.12 views

CVE-2026-41720

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS0.00257EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/09 3:48 a.m.8 views

EUVD-2026-35324

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS5.4AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/09 3:48 a.m.32 views

CVE-2026-41720 Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS0.00257EPSS
Exploits0References1
CVE
CVEadded 2026/06/09 3:48 a.m.41 views

CVE-2026-41720

CVE-2026-41720 affects Spring LDAP, where DirContextAuthenticationStrategy implementations fail to reject a bind request that uses a non-empty username with an empty or null password. Affected versions include 2.4.0–2.4.4, 3.2.0–3.2.17, 3.3.0–3.3.7, and 4.0.0–4.0.3. The CVE description in both th...

7.4CVSS5.4AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/09 3:48 a.m.6 views

CVE-2026-41720 Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS5.4AI score0.00257EPSS
Exploits0References1
NVD
NVDadded 2026/06/09 3:16 a.m.11 views

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS0.00401EPSS
Exploits0References7
SUSE CVE
SUSE CVEadded 2026/06/09 2:21 a.m.10 views

SUSE CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.5CVSS5.4AI score0.00177EPSS
Exploits0References3
Hacker One
Hacker Oneadded 2026/06/09 2:20 a.m.13 views

curl: Trailing-Dot Hostname in Redirect Silently Strips Client Certificate and Auth Credentials

Summary When curl follows a redirect where the Location header contains a hostname with a trailing dot e.g., https://example.com./path, Curlpeerequal in peer.c:321-330 compares the original hostname example.com against the redirect target example.com. using curlstrequal, which does not normalize...

5.7CVSS6.6AI score0.01595EPSS
Exploits1
Cvelist
Cvelistadded 2026/06/09 2:15 a.m.35 views

CVE-2026-11618 DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS0.00401EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/06/09 2:15 a.m.8 views

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS5AI score0.00401EPSS
Exploits0References7Affected Software1
EUVD
EUVDadded 2026/06/09 2:15 a.m.10 views

EUVD-2026-35291

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS6.7AI score0.00401EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/06/09 2:15 a.m.7 views

CVE-2026-11618 DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS6.7AI score0.00401EPSS
Exploits0References7
CVE
CVEadded 2026/06/09 2:15 a.m.20 views

CVE-2026-11618

DTStack Taier up to v1.4.0 is affected by an improper authentication issue in the LoginInterceptor.preHandle (taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java) within the Source Connection Test Endpoint. The vulnerability can be abused remotely; public ...

7.5CVSS6.7AI score0.00401EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/06/09 12:20 a.m.7 views

CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9CVSS5.4AI score0.00231EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/09 12:20 a.m.37 views

CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9CVSS0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/09 12:0 a.m.8 views

PT-2026-47926

Name of the Vulnerable Software and Affected Versions Windows Cryptographic Services affected versions not specified Description Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally, which can affect the system. Recommendations At...

8.4CVSS5.2AI score0.00261EPSS
Exploits0References7
CVE
CVEadded 2026/06/09 12:0 a.m.14 views

CVE-2026-36721

CVE-2026-36721 affects bookcars v8.3. The root cause is a lack of cryptographic signature verification in the validateAccessToken function, which enables attackers to bypass authentication via a forged JWT token. The CVE is rated with a high impact metric (CVSS v3.1: 9.8, Critical) across confide...

9.8CVSS5.5AI score0.00268EPSS
Exploits0References1
Rows per page
Query Builder