Lucene search
K

794 matches found

EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41051

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-57952

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...

6CVSS5.8AI score0.00171EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53670

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description An authorization bypass exists in four REST endpoints: 'c2profile config check webhook', 'c2profile redirect rules webhook', 'c2profile get ioc webhook', and 'c2profile sample message webhook'. The...

6.5CVSS5.9AI score0.00171EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39592

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS5.9AI score0.00232EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 5:3 p.m.34 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS0.00146EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/23 5:3 p.m.6 views

EUVD-2026-38537

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS6AI score0.00146EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP does not require that all fragments of a frame be encrypted with the same key. An adversary can exploit this weakness to decrypt selected fragments when another device sends fragmented...

2.6CVSS6.8AI score0.02592EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.8 views

CVE-2026-50208

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.4CVSS5.4AI score0.00141EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:9 a.m.14 views

CVE-2026-50208

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.2CVSS5.8AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 7:9 a.m.23 views

CVE-2026-50208

CVE-2026-50208 describes a vulnerability where TrustAllCerts routines bypass TLS certificate validation and are combined with hard-coded DES keys, enabling a MitM actor to decrypt network traffic. Documented impact includes high confidentiality and integrity risks with network traffic exposure; n...

9.4CVSS5.8AI score0.00141EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/04 7:9 a.m.42 views

CVE-2026-50208 Permissive TrustAllCerts TLS Verification

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.2CVSS0.00141EPSS
Exploits0References1
CERT
CERT
added 2026/06/03 12:0 a.m.11 views

Securly Chrome Extension contains multiple weak encryption and access control vulnerabilities

Overview Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of downloaded configuration files, and allow...

7.5CVSS5.5AI score0.00432EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Thunderbird

Thunderbird does not check whether the user ID associated with an OpenPGP key has a valid self-signature. An attacker may create a forged version of an OpenPGP key, either by replacing the original user ID or by adding another user ID. If Thunderbird imports and accepts the forged key, the...

4.3CVSS6.5AI score0.0048EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The “binding mark” of a reused connection was unset. Steve French reported a null pointer dereference error from the sha256 lib. The cifs.ko module can send session setup requests using a reused connection. If a reused...

5.5CVSS6.3AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by the use of hard-coded...

9.1CVSS5.8AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.13 views

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS6.1AI score0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 12:48 a.m.11 views

EUVD-2026-29869

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS6.1AI score0.00227EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Amazon::Credentials 安全特征问题漏洞

Amazon::Credentials is a credential management library developed by BIGFOOT developers, used for managing access keys and authentication information for cloud services. Versions of Amazon::Credentials prior to 1.2.0 had security vulnerabilities. These vulnerabilities stemmed from the use of the...

5.3CVSS5.8AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 3:16 p.m.10 views

CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

8.1CVSS0.00248EPSS
Exploits0References6
Rows per page
Query Builder