Lucene search
K

161485 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-45018

Name of the Vulnerable Software and Affected Versions Russh versions 0.34.0-beta.1 through 0.60.x Description The server authentication path in the Russh library fails to separate internal user authentication state when the request principal changes across SSH MSG USERAUTH REQUEST messages...

5.3CVSS5.5AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Neotoma 访问控制错误漏洞

Neotoma is a locally prioritized open-source tool developed by Mark Hendrickson as an AI agent for managing state and records across various tools. Versions of Neotoma from 0.6.0 to 0.11.1 contained an access control vulnerability. This vulnerability occurred when the application received request...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.9 views

PT-2026-45073

Name of the Vulnerable Software and Affected Versions Apache Solr versions 9.4.0 through 9.10.1 Apache Solr version 10.0.0 Description The Basic Authentication setup tool bin/solr auth enable contains hardcoded credentials. This allows a remote attacker to gain full administrative access to the...

9.8CVSS5.9AI score0.00529EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44756

Name of the Vulnerable Software and Affected Versions OTP Login With Phone Number, OTP Verification plugin for WordPress versions 1.8.50 through 1.8.60 Description An authentication bypass exists due to the Firebase verification flow in the 'lwp ajax register' AJAX handler not binding the Firebas...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

NI SystemLink Enterprise 安全漏洞

NI SystemLink Enterprise is an enterprise-level engineering platform developed by National Instruments NI in the United States. It provides a scalable system and test data management and analysis solution. Versions of NI SystemLink Enterprise prior to 2026-04 contained security vulnerabilities...

9.3CVSS5.9AI score0.00623EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech 2025 has a security vulnerability caused by weak authentication between the Wireless Control Module and the Engine Control Module. This...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.9 views

PT-2026-47588

Impact A mismatch in federation peer-token timestamp handling could cause valid peer tokens to be treated as expired. Impacted deployments are Stigmem nodes using federation peer authentication paths from affected versions. The primary impact is availability and reliability of authenticated...

7.1CVSS5.4AI score
Exploits0References6
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.63 views

strongSwan 5.9.13 - DoS

Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...

5.8AI score
Exploits3
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.59 views

strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow

Exploit Title: strongSwan 5.9.13 - heap buffer overflow Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan length 4 - 4 without guarding against hdr-lengt...

5.8AI score
Exploits3
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.58 views

📄 WordPress Temporary Login 1.0.0 Authentication Bypass

WordPress Temporary Login plugin versions 1.0.0 and below suffer from an authentication bypass vulnerability. Exploit Title: Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage...

9.8CVSS5.8AI score0.09246EPSS
Exploits3
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.76 views

Langflow 1.3.0 - Remote Code Execution

Exploit Title: Langflow 1.3.0 - Remote Code Execution Fofa-dork: title="Langflow" Shodan-dork: title:"Langflow" Date: 23-05-2026 Exploit Author: Diamorphine Venodor Homepage: https://www.langflow.org/ Software Link: https://github.com/langflow-ai/langflow Version: 1.2.0 Tested on: Debian CVE :...

9.8CVSS7.3AI score0.10371EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-47556

Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...

4.3CVSS5.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.54 views

AlmaLinux 9 : httpd (ALSA-2026:21391)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due ...

9.8CVSS6.3AI score0.01325EPSS
Exploits0References7
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.79 views

ZTE ZXHN H188A V6 - Authentication Bypass

Exploit Title: ZTE ZXHN H188A V6 - Authentication Bypass Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router Version: ZXHN H188A V6.0.10P2TE,...

7.1CVSS5.8AI score0.08943EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45052

Name of the Vulnerable Software and Affected Versions PraisonAI version 4.6.33 Description The code-generator praisonai.deploy.api.generate api server code creates a Flask API server with authentication disabled by default. When users deploy the server using the command praisonai deploy --type ap...

9.8CVSS5.9AI score0.0008EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.51 views

📄 Langflow 1.3.0 Remote Code Execution

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. Exploit Title: Langflow 1.3.0 - Remote...

9.8CVSS8.1AI score0.10371EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-45015

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.10.0 through 8.x Description Gotenberg is susceptible to a remote denial of service due to a race condition when handling multipart requests. When a request contains multiple downloadFrom entries, the system initiates...

7.5CVSS6AI score0.00138EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Danelec Marine Danelec MacGregor Voyage Data Recorder 安全漏洞

The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. There is a security vulnerability associated with the Danelec Marine Danelec MacGregor Voyage Data Recorder. This vulnerability stems from the possibility f...

6.9CVSS5.8AI score0.00376EPSS
Exploits0References4
Redos
Redos
added 2026/05/29 12:0 a.m.10 views

ROS-20260529-73-0012

The vulnerability of HashiCorp’s Vault Community Edition and Vault Enterprise, platforms for archiving corporate information, lies in the ability to bypass authentication by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to cause service interruptions...

8.1CVSS5.8AI score0.00376EPSS
Exploits0
Redos
Redos
added 2026/05/29 12:0 a.m.11 views

ROS-20260529-73-0009

The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.5CVSS5.8AI score0.00257EPSS
Exploits1
Rows per page
Query Builder