Lucene search
K

161521 matches found

CVE
CVE
added 2026/05/28 4:19 p.m.13 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social-login binding flow that bypasses MFA. The binding-rule path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable, so users authenticating through this path are logged in without MFA enforcement...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 4:17 p.m.29 views

CVE-2026-9090

Casdoor versions 2.362.0 and earlier are affected by an authentication bypass when the buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted IdP certificate. This allows forging SAML assertions with an attacker‑control...

9.1CVSS5.9AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:17 p.m.13 views

EUVD-2026-32941

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

5.9AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:17 p.m.7 views

CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

5.9AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 4:17 p.m.8 views

CVE-2026-9090 CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

5.9AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:17 p.m.32 views

CVE-2026-9090 CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 4:16 p.m.17 views

CVE-2026-41565

CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...

7.5CVSS0.00469EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 4:16 p.m.19 views

CVE-2026-35672

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS0.00384EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/28 3:51 p.m.22 views

USN-8339-1: OpenJDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:47 p.m.6 views

CVE-2026-41185

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6CVSS5.8AI score0.00323EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 3:47 p.m.7 views

CVE-2026-41185 ServiceAccount token disclosure via Azure IPAM CNI plugin logs

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6CVSS5.8AI score0.00323EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 3:47 p.m.10 views

EUVD-2026-32933

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6CVSS5.8AI score0.00323EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 3:45 p.m.34 views

CVE-2026-8697 Improper Authentication Rate Limiting on TP-Link's Archer C64

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.7CVSS0.0051EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 3:43 p.m.12 views

RLSA-2026:19364 Important: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2026/05/28 3:27 p.m.85 views

Exploit for Improper Authentication in Influxdata Influxdb

LAB 5-CVE-2019-20933 I. SYSTEM ANALYSIS Identify...

9.8CVSS7.6AI score0.30921EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/05/28 3:26 p.m.19 views

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server EMS deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer. "The campaign abused trusted endpoint management infrastructure to deliver malware...

9.8CVSS6.2AI score0.88505EPSS
Exploits8
OSV
OSV
added 2026/05/28 2:51 p.m.18 views

USN-8338-1 apache2 vulnerabilities

It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...

9.8CVSS7.4AI score0.41611EPSS
Exploits2References16
Ubuntu
Ubuntu
added 2026/05/28 2:51 p.m.18 views

USN-8338-1: Apache HTTP Server vulnerabilities

It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...

9.8CVSS7.1AI score0.41611EPSS
Exploits2
NVD
NVD
added 2026/05/28 2:16 p.m.15 views

CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS0.00207EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 2:16 p.m.14 views

CVE-2026-8979

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

10CVSS0.00612EPSS
Exploits1References1
Rows per page
Query Builder