Lucene search

161467 matches found

Microsoft CVE
added 2026/05/29 8:8 a.m. | 10 views

libceph: Fix slab-out-of-bounds access in auth message processing

...

CVSS 9.1 | AI score 5.4 | EPSS 0.00525
Exploits: 0

EUVD
added 2026/05/29 7:29 a.m. | 12 views

EUVD-2026-33257

Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

CVSS 4.3 | AI score 5.8 | EPSS 0.00103
Exploits: 0 | References: 1

Cvelist
added 2026/05/29 7:29 a.m. | 38 views

CVE-2026-49322 Indian Scout Bobber 2025 Infotainment-to-WCM weak authentication allows recovery of user PIN from observed exchange

Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

CVSS 4.3 | EPSS 0.00103
Exploits: 0 | References: 1

CVE
added 2026/05/29 6:43 a.m. | 25 views

CVE-2026-9243

The Plus Addons for Elementor WordPress plugin contains a Stored Cross-Site Scripting (XSS) flaw in the Carousel Anything widget’s carousel_direction parameter, up to version 6.4.15. The root cause is insufficient output escaping in render(), placing the value into an unquoted dir= attribute, ena...

CVSS 6.4 | AI score 6 | EPSS 0.00273
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/29 6:43 a.m. | 10 views

CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwp_ajax_register AJAX handler not binding the Firebase session to the phone number supplied in the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00492
Exploits: 0 | References: 6

Cvelist
added 2026/05/29 6:43 a.m. | 34 views

CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwp_ajax_register AJAX handler not binding the Firebase session to the phone number supplied in the...

CVSS 9.8 | EPSS 0.00492
Exploits: 0 | References: 6

CVE
added 2026/05/29 6:43 a.m. | 35 views

CVE-2026-3655

The CVE-2026-3655 entry describes an authentication bypass in the WordPress plugin “OTP Login With Phone Number, OTP Verification” versions 1.8.50–1.8.60. The root cause is a Firebase verification flow in the lwp_ajax_register AJAX handler that does not bind the Firebase session to the submitted ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00492
Exploits: 0 | References: 6

ATTACKERKB
added 2026/05/29 6:43 a.m. | 9 views

CVE-2026-3655

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwp_ajax_register AJAX handler not binding the Firebase session to the phone number supplied in the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00492
Exploits: 0 | References: 7 | Affected Software: 1

EUVD
added 2026/05/29 6:43 a.m. | 10 views

EUVD-2026-33255

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwp_ajax_register AJAX handler not binding the Firebase session to the phone number supplied in the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00492
Exploits: 0 | References: 6

Mageia
added 2026/05/29 5:12 a.m. | 17 views

Updated perl-Catalyst-Plugin-Authentication package fixes a security vulnerability

The updated package fixes a security vulnerability: Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. CVE-2026-5091...

CVSS 5.1 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 3

OSV
added 2026/05/29 5:12 a.m. | 13 views

MGASA-2026-0160 Updated perl-Catalyst-Plugin-Authentication package fixes a security vulnerability

The updated package fixes a security vulnerability: Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. CVE-2026-5091...

CVSS 5.1 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/29 2:13 a.m. | 40 views

CVE-2026-0257

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...

CVSS 9.1 | AI score 5.8 | EPSS 0.86678
Exploits: 9 | References: 1

SUSE CVE
added 2026/05/29 1:24 a.m. | 20 views

SUSE CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVSS 7.5 | AI score 5.7 | EPSS 0.01047
Exploits: 0 | References: 14

SUSE CVE
added 2026/05/29 1:20 a.m. | 10 views

SUSE CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...

CVSS 8.4 | AI score 5.8 | EPSS 0.00246
Exploits: 0 | References: 3

SUSE CVE
added 2026/05/29 1:15 a.m. | 10 views

SUSE CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: "xfrm: ah: account for ESN high bits in async callbacks". AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

CVSS 7 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/29 12:0 a.m. | 10 views

PT-2026-44970

Name of the Vulnerable Software and Affected Versions: USR-W610 (affected versions not specified). Description: The firmware of the Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter contains hard-coded administrative credentials stored in plaintext. These credentials...

CVSS 9.8 | AI score 5.8 | EPSS 0.00415
Exploits: 0 | References: 7

CNNVD
added 2026/05/29 12:0 a.m. | 8 views

USR-W610 Trust Management Issue Vulnerability

USR-W610 is an industrial-grade serial-to-Wi-Fi networking module developed by USR. The USR-W610 has a trust management vulnerability, which stems from the inclusion of plaintext management credentials in the firmware. This vulnerability could allow credentials to be extracted through firmware...

CVSS 9.8 | AI score 5.8 | EPSS 0.00415
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/29 12:0 a.m. | 10 views

PT-2026-45064

Name of the Vulnerable Software and Affected Versions: praisonai-platform (affected versions not specified). Description: The software uses an insecure default cryptographic key for signing JSON Web Tokens (JWT). When the PLATFORM JWT SECRET environment variable is unset, the system defaults to a...

CVSS 9.8 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 7

Tenable Nessus
added 2026/05/29 12:0 a.m. | 17 views

openSUSE 16 Security Update : nginx (openSUSE-SU-2026:20796-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20796-1 advisory. This update for nginx fixes the following issues: CVE-2026-27651: denial of service via undisclosed requests when the ngx_mail_auth_http_module is...

CVSS 9.2 | AI score 9 | EPSS 0.61469
Exploits: 39 | References: 18

Tenable Nessus
added 2026/05/29 12:0 a.m. | 13 views

Alibaba Cloud Linux 3 : 0137: nginx (ALINUX3-SA-2026:0137)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0137 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41741: NGINX Open Source before...

CVSS 8.8 | AI score 8.5 | EPSS 0.21621
Exploits: 2 | References: 7