Lucene search
K

161620 matches found

OSV
OSV
added 2026/05/27 9:35 p.m.4 views

GHSA-G794-3FMP-753H AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...

8.2CVSS5.8AI score0.00221EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 9:35 p.m.14 views

AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...

5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/27 9:35 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the AuthorizedKeysFile %u token. An attacker can gain unauthorized SSH authentication by supplying a specially crafted username containing path traversal sequences, allowing the server to read an...

7.7CVSS6.3AI score0.00221EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 9:32 p.m.7 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/user-collection/create-first-user endpoint, which remains publicly accessible after initial setup. An attacker can obtain bcrypt password hashes of all administrator accounts and...

8.7CVSS5.8AI score0.00298EPSS
Exploits1References2
NVD
NVD
added 2026/05/27 9:16 p.m.12 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS0.00166EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 9:16 p.m.28 views

CVE-2026-47270

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb is a PAM module loaded into the host process sudo, login, GDM, GNOME Shell. Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the denyremote...

6.3CVSS0.00108EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/27 9:11 p.m.16 views

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trustedhosts setting is not configured the default. An attacker who controls any other application registered with the same CAS server...

5.8AI score0.00064EPSS
Exploits0References6Affected Software2
Debian
Debian
added 2026/05/27 9:2 p.m.13 views

[SECURITY] [DSA 6303-1] varnish security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6303-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq -...

7.5CVSS6AI score0.04604EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/05/27 9:2 p.m.7 views

CVE-2026-44720 OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:2 p.m.31 views

CVE-2026-44720 OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...

6.9CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:2 p.m.12 views

EUVD-2026-32669

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:2 p.m.8 views

CVE-2026-44720

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 9:2 p.m.19 views

CVE-2026-44720

OpenLearnX (pre-2.0.4) has a critical authentication vulnerability where JWT signature verification is disabled, enabling an attacker to bypass authentication and take over user accounts. Impact is unauthorized access under specific conditions; the issue is fixed in 2.0.4. Remediation: upgrade to...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:25 p.m.13 views

CVE-2026-46024

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted authentication reply message to trigger a null pointer dereference. This vulnerability can lead to a system crash, resulting in a Denial of Service DoS for affected systems. Mitigation To...

7.5CVSS5.5AI score0.0049EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 8:24 p.m.7 views

CVE-2026-44712 pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:19 p.m.9 views

CVE-2026-44710

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisksdrivegetserial, udisksdrivegetvendor, and udisksdrivegetmodel directly to strcmp without NULL checks. The GIO/UDisks API documentation states these...

4.6CVSS5.8AI score0.00178EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 8:18 p.m.15 views

CVE-2026-44711

The CVE concerns the pam_usb project for Linux. Affected: pam_usb versions prior to 0.8.7. Root cause: symlink attacks on the pad directory and pad files. Impact: authentication bypass and potential root file corruption. The issue is fixed in version 0.8.7. There is no explicit exploitation statu...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 8:18 p.m.39 views

CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:18 p.m.10 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 8:18 p.m.8 views

CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References1
Rows per page
Query Builder