CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1243 matches found

OSV•added 2026/03/18 4:17 p.m.•6 views

GHSA-26F5-8H2X-34XH h3 has an observable timing discrepancy in basic auth utils

Summary A Timing Side-Channel vulnerability exists in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity...

5.9CVSS6.1AI score0.00319EPSS

Exploits1References5

NVD•added 2026/03/13 7:54 p.m.•4 views

CVE-2026-31882

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication DAGUAUTHMODE=basic, all Server-Sent Events SSE endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...

7.5CVSS0.00778EPSS

Exploits1References4

ATTACKERKB•added 2026/03/13 7:28 p.m.•1 views

CVE-2026-31882

7.5CVSS6AI score0.00778EPSS

Exploits1References5Affected Software1

Cvelist•added 2026/03/13 7:28 p.m.•23 views

CVE-2026-31882 Dagu SSE Authentication Bypass in Basic Auth Mode

7.5CVSS0.00778EPSS

Exploits1References4

Vulnrichment•added 2026/03/13 7:28 p.m.•4 views

CVE-2026-31882 Dagu SSE Authentication Bypass in Basic Auth Mode

7.5CVSS6AI score0.00778EPSS

Exploits1References4

CVE•added 2026/03/13 7:28 p.m.•9 views

CVE-2026-31882

Summary: CVE-2026-31882 affects Dagu, a workflow engine. Before v2.2.4, when DAGU_AUTH_MODE=basic, SSE endpoints are accessible without credentials, allowing unauthenticated access to real-time DAG data, configurations, logs, and queue status via a flaw in buildStreamAuthOptions() where BasicAuth...

7.5CVSS6AI score0.00778EPSS

Exploits1References4Affected Software1

OSV•added 2026/03/13 7:28 p.m.•4 views

CVE-2026-31882 Dagu SSE Authentication Bypass in Basic Auth Mode

7.5CVSS6AI score0.00778EPSS

Exploits1References6

EUVD•added 2026/03/13 3:5 p.m.•3 views

EUVD-2026-12087

Dagu: SSE Authentication Bypass in Basic Auth Mode...

7.5CVSS5.8AI score0.00778EPSS

Exploits1References4

Github Security Blog•added 2026/03/13 3:5 p.m.•3 views

Dagu: SSE Authentication Bypass in Basic Auth Mode

SSE Authentication Bypass in Basic Auth Mode Summary When Dagu is configured with HTTP Basic authentication DAGUAUTHMODE=basic, all Server-Sent Events SSE endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG execution data, workflow...

7.5CVSS6AI score0.00778EPSS

Exploits1References6Affected Software1

OSV•added 2026/03/13 3:5 p.m.•2 views

GHSA-9WMW-9WPH-2VWP Dagu: SSE Authentication Bypass in Basic Auth Mode

7.5CVSS6AI score0.00778EPSS

Exploits1References6

Positive Technologies•added 2026/03/13 12:0 a.m.•6 views

PT-2026-25364

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication DAGU AUTH MODE=basic, all Server-Sent Events SSE endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...

7.5CVSS6AI score0.00778EPSS

Exploits1References5

CNNVD•added 2026/03/06 12:0 a.m.•4 views

SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/query/sql interface, which only checked basic authentication, potentially allowing arbitrary SQL...

8.8CVSS7.4AI score0.00323EPSS

Exploits1References2

Tenable Nessus•added 2026/03/04 12:0 a.m.•4 views

Debian dla-4494 : liborthancframework-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4494 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4494-1 [email protected] https://www.debian.org/lts/security/...

5.7CVSS5.8AI score0.00408EPSS

Exploits0References4

RedhatCVE•added 2026/02/23 7:26 a.m.•9 views

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS5.5AI score0.00349EPSS

Exploits1References1

SUSE CVE•added 2026/02/22 12:30 a.m.•3 views

SUSE CVE-2025-15581

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access...

5.7CVSS5.8AI score0.00408EPSS

Exploits0References3

RedhatCVE•added 2026/02/21 7:35 p.m.•8 views

CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

7.5CVSS5.6AI score0.00242EPSS

Exploits0References1

NVD•added 2026/02/21 10:16 a.m.•8 views

CVE-2026-27480

5.3CVSS0.00349EPSS

Exploits1References2

Vulnrichment•added 2026/02/21 9:14 a.m.•5 views

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

5.3CVSS5.5AI score0.00349EPSS

Exploits1References2

ATTACKERKB•added 2026/02/21 9:14 a.m.•4 views

CVE-2026-27480