161494 matches found
ROS-20260529-73-0009
The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
openSUSE 16 Security Update : cups (openSUSE-SU-2026:20812-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20812-1 advisory. This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. -...
SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2026:2076-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2076-1 advisory. This update for samba fixes the following issues Security issues: - CVE-2026-1933: Missing access check on...
Devolutions Server < 2025.3.22 / 2026.1.x < 2026.1.19 Multiple Vulnerabilities (DEVO-2026-0013)
The version of Devolutions Server installed on the remote host is prior to 2025.3.22 or 2026.1.x prior to 2026.1.19. It is, therefore, affected by multiple vulnerabilities, including: - Improper authorization in the Active Directory browsing feature allows a low-privileged authenticated user to...
š WordPress Quick Playground 1.3.1 Shell Upload
Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...
strongSwan 5.9.13 - DoS
Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...
Langflow 1.3.0 - Remote Code Execution
Exploit Title: Langflow 1.3.0 - Remote Code Execution Fofa-dork: title="Langflow" Shodan-dork: title:"Langflow" Date: 23-05-2026 Exploit Author: Diamorphine Venodor Homepage: https://www.langflow.org/ Software Link: https://github.com/langflow-ai/langflow Version: 1.2.0 Tested on: Debian CVE :...
strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
Exploit Title: strongSwan 5.9.13 - heap buffer overflow Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan length 4 - 4 without guarding against hdr-lengt...
ImageMagick < 6.9.13-48 / 7.x < 7.1.2-23 Multiple Vulnerabilities
The remote host has a version of ImageMagick installed that is prior to 6.9.13-47 or 7.x prior to 7.1.2-22. It is, therefore, affected by multiple vulnerabilities: Ć¢ĀĀ An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race...
PT-2026-44843
Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.50 FreePBX versions prior to 17.0.11 Description The CDR Reports module page allows SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs throug...
VulnCheck KEV: CVE-2026-0257
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OSĀ® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS : tgt vulnerability (USN-8325-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8325-1 advisory. It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could...
Devolutions Server 2026.1.x < 2026.1.19 Multiple Vulnerabilities (DEVO-2026-0013)
The version of Devolutions Server installed on the remote host is 2026.1.x prior to 2026.1.19. It is, therefore, affected by multiple vulnerabilities: - Improper handling of factor key state in the multi-factor authentication management feature allows an attacker with knowledge of a user's passwo...
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection...
AlmaLinux 9 : httpd (ALSA-2026:21391)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due ...
ZTE ZXHN H188A V6 - Authentication Bypass
Exploit Title: ZTE ZXHN H188A V6 - Authentication Bypass Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router Version: ZXHN H188A V6.0.10P2TE,...
CVE-2026-6816 TFA Basic Plugins - Access Bypass
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...
CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...
CVE-2026-45364
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...