Lucene search
K

232 matches found

Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

0.0014EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.4 views

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0014EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.44 views

CVE-2026-57306

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

0.0011EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.15 views

CVE-2026-57306

Jenkins Zowe zDevOps Plugin

4.2CVSS5.8AI score0.0011EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2026/06/12 2:55 a.m.15 views

curl: CVE-2026-12064: proto-default skips SSH verification

Summary When a user invokes curl with a schemeless URL and --proto-default sftp or scp, the tool layer guesses the URL is HTTP and skips setting SSH security options CURLOPTSSHHOSTPUBLICKEYSHA256, CURLOPTSSHKNOWNHOSTS. However libcurl's runtime correctly applies --proto-default and connects via...

7.5CVSS5.9AI score0.0045EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-46391

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the...

8.7CVSS5.5AI score0.00457EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 12:31 a.m.14 views

EUVD-2026-30180

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...

8.2CVSS5.8AI score0.00252EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 10:6 p.m.8 views

CVE-2026-32992

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...

8.2CVSS5.8AI score0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/04/23 10:16 p.m.8 views

CVE-2026-41342

OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture...

8.1CVSS0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 9:58 p.m.33 views

CVE-2026-41342 OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding

OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture...

7.4CVSS0.00126EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 p.m.8 views

CVE-2025-13914

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS5.8AI score0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 12:30 a.m.10 views

EUVD-2025-209397

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS5.9AI score0.00303EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 9:32 p.m.13 views

CVE-2025-13914

CVE-2025-13914 concerns Juniper Networks Apstra SSH host key validation, described as a Key Exchange without Entity Authentication vulnerability. The issue enables an unauthenticated attacker to perform a man-in-the-middle attack on SSH connections from Apstra to managed devices, allowing imperso...

8.7CVSS5.9AI score0.00303EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:32 p.m.3 views

CVE-2025-13914

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS5.9AI score0.00303EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 9:32 p.m.6 views

CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS5.8AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.7 views

PT-2026-31796

Name of the Vulnerable Software and Affected Versions Juniper Networks Apstra versions prior to 6.1.1 Description A Key Exchange without Entity Authentication issue exists in the SSH implementation of Juniper Networks Apstra. This allows an unauthenticated, man-in-the-middle MITM attacker to...

8.7CVSS5.8AI score0.00303EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/17 9:42 p.m.16 views

CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

8.7CVSS0.00142EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/15 2:11 a.m.118 views

linux-security-tools

Linux Security Tools Linux security tools, scanners, crackers...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.3 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS6.7AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:16 p.m.10 views

CVE-2018-1000603

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...

8.8CVSS6.1AI score0.01037EPSS
Exploits0References1
Rows per page
Query Builder