CVE-2026-3198

A flaw was found in MLflow. When configured with basic authentication, MLflow fails to enforce proper authorization checks for several Gateway API list endpoints. This oversight allows any authenticated user, regardless of their assigned permissions, to enumerate sensitive information such as...

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-32433 Exploit Windows Compatible Erlang/OTP SSH Un...

Exploit for Improper Authentication in Wordpress

CVE-2008-1930 Exploitation Documentation Guide Document In...

Security update for memcached

This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...

SUSE-SU-2026:2293-1 Security update for memcached

This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...

Security update for memcached

This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...

SUSE-SU-2026:2292-1 Security update for memcached

This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...

Vulnerabilities present in IBM Aspera High-Speed Transfer Endpoint and Server

IBM has identified vulnerabilities in the IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1. These vulnerabilities reside in the asperahttpd component of the IBM Aspera High-Speed Transfer Endpoint and Server products. A buffer overflow can lead to...

ROOT-APP-PYPI-CVE-2026-41425 CVE-2026-41425 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-41425 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

PT-2026-47429

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.4.0 Devolutions Server versions prior to 2026.1.20.0 Description Improper neutralization of special elements in the built-in PAM Privileged Access Management provider password rotation templates allows an...

PT-2026-47346

Name of the Vulnerable Software and Affected Versions AdGuard Home versions prior to 0.107.77 Description When started with the --glinet flag, the software contains an authentication bypass that allows unauthenticated attackers to gain full administrative access. This occurs due to unsanitized...

Important: tomcat10

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

Important: tomcat9

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. RFC 4513 Section 5.1.2 defines this as an unauthenticated bind. On LDAP servers that permit such binds, an attacker with a valid usernam...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the tpmdevrelease function not properly releasing the authentication session using kfreesensitive,...

OpenBullet2 安全漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass vulnerability in the API key authentication middleware,...

389 Directory Server 资源管理错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a resource management vulnerability in 389 Directory Server, which stems from the Content Synchronization persistent search plugin allowing unlimited memory...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication and permission checks at the OpenAI Assistants Vector Store...

OfflineIMAP 安全漏洞

OfflineIMAP is an open-source Python utility designed for synchronizing emails with IMAP servers. Versions of OfflineIMAP prior to 8.0.3 contained a security vulnerability. This vulnerability stemmed from the STARTTLS feature, which allowed trust in the server before authentication. This could le...

PT-2026-47308

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...