Lucene search
K

1079 matches found

CVE
CVE
added 2026/03/27 5:25 a.m.19 views

CVE-2026-32678

The CVE-2026-32678 entry describes an authentication bypass vulnerability in BUFFALO Wi‑Fi router products. The issue would allow an attacker to alter critical configuration settings without authentication, compromising device configuration integrity and potentially impacting network management. ...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.9 views

Fleet SQL注入漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a SQL...

8.8CVSS6AI score0.00318EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/26 10:25 p.m.40 views

Harbor: LDAP password and OIDC secret are not redacted in the audit log

Impact Harbor write configuration payload to audit log when configuration change, the ldapsearchpassword and oidcclientsecret will be logged in the audit log without redacted Patches Harbor v2.15.0, v2.14.3, v2.13.5 Workarounds Disable audit log configure event in Harbor Web Console: Go to...

5.8AI score
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:0 p.m.3 views

CVE-2026-26213

thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.7CVSS6.8AI score0.06239EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/18 12:30 a.m.7 views

EUVD-2026-12653

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any...

9.2CVSS5.8AI score0.00596EPSS
Exploits0References4
CVE
CVE
added 2026/03/17 9:42 p.m.14 views

CVE-2026-32839

Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 9:41 p.m.3 views

CVE-2026-32841 Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients

Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any...

9.2CVSS5.8AI score0.00596EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/16 6:32 p.m.5 views

EUVD-2025-208750

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...

5.8AI score0.00157EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Micro Research MR-GM5L-S1和Micro Research MR-GM5A-L1 安全漏洞

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have security vulnerabilities; these vulnerabilities stem from authentication bypass issues, which could allow attackers ...

9.8CVSS7.3AI score0.00558EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:18 a.m.1 views

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/09 7:54 p.m.2 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can perform unauthorized persistent configuration changes by routing /config set or /config unset commands through an...

5.3CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management e.g., vulnerability assessment, URL filtering, patch management, etc.. Previous versions...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References1
Broadcom
Broadcom
added 2026/03/03 12:0 a.m.18 views

Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0 (CVE-2026-0869)

Application User accounts with Brocade ASCG application privileges created by the administrator are not properly being password enforced. Any other user that learns of the assigned user name can access the custom created application manager account and gain access to the Brocade ASCG application...

8.3CVSS5.9AI score0.00397EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/28 12:0 a.m.9 views

Microchip TimePictra 安全漏洞

Microchip TimePictra is a synchronization network management software developed by the American company Microchip. Versions of Microchip TimePictra 11.3 SP2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication for critical functions, which...

9.3CVSS5.8AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 4:24 p.m.10 views

CVE-2026-27518

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

5.1CVSS0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.5 views

PT-2026-21531

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...

5.1CVSS5.1AI score0.00102EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.8 views

CVE-2025-11725

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings,...

6.5CVSS5.5AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

WordPress plugin Aruba HiSpeed Cache 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References4
NVD
NVD
added 2026/02/17 9:22 p.m.4 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS0.00299EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/17 10:54 a.m.2 views

Missing Authorization

Overview org.apache.nifi:nifi-web-api is a system to process and distribute data. Affected versions of this package are vulnerable to Missing Authorization when updating configuration properties on extension components with restricted permissions. An attacker can modify sensitive configuration...

8.7CVSS5.7AI score0.0075EPSS
Exploits0References2
Rows per page
Query Builder