Lucene search
K

161567 matches found

CVE
CVE
added 2026/05/28 2:13 p.m.24 views

CVE-2026-35672

CVE-2026-35672 affects phpMyFAQ prior to 4.1.3 where the default API client token is an empty string. The authentication check compares the configured token to the request header x-pmf-token and uses strict inequality; if the header is empty, authentication is bypassed. This allows unauthenticate...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/28 2:2 p.m.9 views

WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by she11f in WordPress Plugin Smart Online Order for Clover versions = 1.6.0...

7.3CVSS5.8AI score0.00229EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/28 2:2 p.m.7 views

CLSA-2026-1779968889 Fix of 7 CVEs

SECURITY UPDATE: Authentication Bypass in digest authentication - debian/patches/CVE-2026-43512.patch: reject digest authentication attempts for unknown users in getDigest - CVE-2026-43512 SECURITY UPDATE: Account lockout bypass in LockOutRealm via case variation of user names -...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:27 p.m.8 views

CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/28 1:27 p.m.26 views

CVE-2026-8990 Authentication Bypass in Kidsview

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 1:27 p.m.24 views

CVE-2026-8990

The CVE-2026-8990 entry affects the Kidsview mobile application. A user with physical access can bypass the app’s authentication by interacting with push notifications, granting full access to the device owner’s account. Affected behavior is an authentication bypass via the notification channel, ...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 1:27 p.m.12 views

CVE-2026-8990 Authentication Bypass in Kidsview

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 1:27 p.m.13 views

EUVD-2026-32901

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
Debian
Debian
added 2026/05/28 1:18 p.m.16 views

[SECURITY] [DLA 4604-1] roundcube security update

Debian LTS Advisory DLA-4604-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 28, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u9 CVE ID : CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...

8.1CVSS6.1AI score0.00764EPSS
Exploits1
EUVD
EUVD
added 2026/05/28 1:5 p.m.12 views

EUVD-2026-32896

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

10CVSS5.8AI score0.00612EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/28 1:5 p.m.32 views

CVE-2026-8979 Authentication Bypass

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

10CVSS0.00612EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 1:5 p.m.7 views

CVE-2026-8979 Authentication Bypass

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

10CVSS5.8AI score0.00612EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:5 p.m.7 views

CVE-2026-8979

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

10CVSS5.8AI score0.00612EPSS
Exploits1References2
CVE
CVE
added 2026/05/28 1:5 p.m.27 views

CVE-2026-8979

CVE-2026-8979 affects the Mennekes Amtron series firmware versions ≤ 5.22.3. The vulnerability is an authentication bypass where an unauthenticated remote attacker can change a user account password by sending a crafted POST to the /operator/operator endpoint. The CVSS data indicates a critical i...

10CVSS5.8AI score0.00612EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 12:34 p.m.9 views

SUSE-SU-2026:2103-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.6AI score0.4581EPSS
Exploits18References23
Rapid7 Blog
Rapid7 Blog
added 2026/05/28 12:0 p.m.103 views

CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)

Overview Rapid7 Labs discovered a critical argument injection CWE-88 vulnerability in Gogs, a popular open-source self-hosted Git service, tracked as CVE-2026-52806. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 Critical. The vulnerability allows any authenticated user to achieve remote cod...

9.9CVSS6.5AI score0.01029EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 11:57 a.m.15 views

USN-8332-1: CRaC JDK 17 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
OSV
OSV
added 2026/05/28 11:57 a.m.17 views

USN-8332-1 openjdk-17-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References9
OSV
OSV
added 2026/05/28 11:45 a.m.14 views

USN-8331-1 openjdk-lts vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References9
NVD
NVD
added 2026/05/28 10:16 a.m.18 views

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.5CVSS0.00128EPSS
Exploits0References7
Rows per page
Query Builder