Lucene search
K

161494 matches found

SUSE CVE
SUSE CVE
added 2026/05/29 1:24 a.m.20 views

SUSE CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.10 views

SUSE CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4CVSS5.8AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.10 views

SUSE CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

7CVSS5.8AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44970

Name of the Vulnerable Software and Affected Versions USR-W610 affected versions not specified Description The firmware of the Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter contains hard-coded administrative credentials stored in plaintext. These credentials...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

USR-W610 信任管理问题漏洞

USR-W610 is an industrial-grade serial-to-Wi-Fi networking module developed by USR. The USR-W610 has a trust management vulnerability, which stems from the inclusion of plaintext management credentials in the firmware. This vulnerability could allow credentials to be extracted through firmware...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44983

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The RDPEAR NDR parser in FreeRDP accepts a single non-null NDR pointer ref-id for multiple logical pointer fields without tracking the expected NDR type or ownership of the pointed object. If the sa...

8.8CVSS5.8AI score0.00384EPSS
Exploits1References36
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Extreme Networks Extreme Platform ONE IAM Gateway 安全漏洞

The Extreme Networks Extreme Platform ONE IAM Gateway is a network identity and access management gateway provided by Extreme Networks, Inc. There is a security vulnerability present in the Extreme Networks Extreme Platform ONE IAM Gateway, which stems from a race condition in the API key...

6.3CVSS5.8AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

FreePBX SQL注入漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI web-based graphical interface. Versions of FreePBX prior to 16.0.50 and 17.0.11 contained a SQL injection vulnerability. This vulnerability stemmed from the CDR Reports...

8.8CVSS5.9AI score0.00289EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44929

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-45030

Name of the Vulnerable Software and Affected Versions Authelia versions 4.38.0 through 4.39.19 Description When using the LDAP authentication backend, the authz verification endpoint fails to canonicalize usernames provided via Basic Auth in the Authorization header. Because LDAP treats usernames...

6.3CVSS5.9AI score0.00308EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-44893

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

4.8CVSS5.8AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.7 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from cross-site request forgeing during 2FA switching. The set.json.php file accepts POST requests to set 2...

6.5CVSS5.7AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from automatic login using the Remote-User and X-Authentik-Username HTTP headers, without verifying whether...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44971

Name of the Vulnerable Software and Affected Versions NI SystemLink Enterprise versions prior to 2026-04 Description An authentication bypass in the NI SystemLink Enterprise Dashboard application allows an unauthenticated remote attacker to circumvent authentication controls. This can be achieved...

9.3CVSS5.8AI score0.00623EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.9 views

PT-2026-45139

CVE-2026-45611 - Cisco Router Authentication Bypass CVE ID :CVE-2026-45611 Published : May 29, 2026, 1:16 p.m. | 1 hour, 13 minutes ago Description :Rejected reason: Further research determined the issue is not a vulnerability. Severity: 0.0 | NA Visit the link for more details, such as CVSS...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-47568

Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...

9.2CVSS5.5AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45064

Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description The software uses an insecure default cryptographic key for signing JSON Web Tokens JWT. When the PLATFORM JWT SECRET environment variable is unset, the system defaults to a...

9.8CVSS5.8AI score0.00054EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.9 views

PT-2026-44925

Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description The administrator account for the web interface allows direct editing of sensitive authentication files, which could enable an unauthorized change of the root...

6.9CVSS5.5AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44811

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.3CVSS5.8AI score0.00407EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-45039

Summary modules/sso/clients.php validates an adm csrf token on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, ...

5.4CVSS5.8AI score0.00016EPSS
Exploits0References3
Rows per page
Query Builder