161237 matches found
CVE-2026-45749
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /users/totp/disable and POST /users/totp/backup-codes endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical...
CVE-2026-45327
TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version 2.5.0 fixes the issue by requiring either HTTP Basic auth or a ?password= query parameter, comparing the supplied...
Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption
Impact The experimental Chacha20Poly1305 key-encryption algorithm generates the 16-byte Poly1305 authentication tag during encryptKey but discards it: the tag is never written to the header and therefore never reaches the wire. On the receiving side, decryptKey calls...
Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption
Impact The experimental Chacha20Poly1305 key-encryption algorithm generates the 16-byte Poly1305 authentication tag during encryptKey but discards it: the tag is never written to the header and therefore never reaches the wire. On the receiving side, decryptKey calls...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Authentication Bypass by Primary Weakness in Mantisbt
CVE-2026-30849.ts — usage This TypeScript script performs a c...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
curl: SOCKS5 no-auth accepted despite username/password-only authentication
Summary: curl/libcurl appears to allow unauthenticated SOCKS5 negotiation even when the caller explicitly configures username/password-only SOCKS5 authentication. With --socks5-basic and SOCKS5 credentials set, curl still advertises both SOCKS5 method 0x00 no authentication and 0x02...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 - cPanel/WHM Authentication Bypass This reposi...
CVE-2026-6274
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
EUVD-2025-26494
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01...