Lucene search
+L

228 matches found

CVE
CVE
added 3 days ago13 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 1:57 p.m.10 views

CVE-2026-56765

Summary (CVE-2026-56765): Vikunja prior to 2.2.1 contains two related authorization flaws. First, the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. Second, the GetTaskAttachment endpoint performs permission check...

9.8CVSS6.1AI score0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 10:15 a.m.50 views

CVE-2026-15041 389-ds-base: 389-ds-base: non-constant-time comparison in pbkdf2-sha256 password verification

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS0.003EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/15 5:18 p.m.12 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm launch-editor versions = 2.14.0...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:18 p.m.8 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:18 p.m.57 views

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2026/06/12 6:23 p.m.13 views

GHSA-7QMG-GRCP-QF25 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

7.2CVSS6.2AI score0.58974EPSS
Exploits20References6
Github Security Blog
Github Security Blog
added 2026/06/12 6:23 p.m.16 views

GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

7.2CVSS6.2AI score0.00353EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49053

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.26.4 GeoServer versions prior to 2.27.3 Description An authenticated administrator with access to the security system can provide arbitrary absolute file paths to the Master Password Dump web page to create files...

7.2CVSS8.2AI score0.00353EPSS
Exploits0References9
CVE
CVE
added 2026/06/08 4:47 p.m.24 views

CVE-2026-39908

OpenBullet2 ≤ v0.3.2 on Windows suffers a credential disclosure via a UNC-path proxy source. When a job loads proxies from an attacker-controlled UNC path, an SMB authentication occurs and reveals the NTLMv2 hash of the process user, enabling relay or offline cracking. Affected component is the p...

7.1CVSS5.6AI score0.00314EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:30 p.m.12 views

CVE-2026-45080 Klaw: Improper Access Control Allows Disclosure of Password Hash

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-43449

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.1 Kirby versions prior to 5.4.1 Description Kirby failed to validate model attributes used in collection queries, enabling authenticated Panel users to execute arbitrary model methods. This arbitrary method call, a...

8.7CVSS6.3AI score0.0028EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.4 views

Microsoft Visual Studio Products (April 2026)

The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by an information disclosure vulnerability: - It is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an...

7.4CVSS6.4AI score0.00316EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33110

Name of the Vulnerable Software and Affected Versions Git for Windows versions prior to 2.53.0.windows.3 Description Git for Windows lacks protections that prevent attackers from obtaining a user's NTLM hash. An attacker can obtain the NTLMv2 hash by tricking users into cloning a malicious...

7.4CVSS6.4AI score0.00316EPSS
Exploits0References9
OSV
OSV
added 2026/03/26 8:33 p.m.4 views

GO-2026-4855 Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR in code.vikunja.io/api

Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If thi...

9.8CVSS5.9AI score0.00351EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/25 9:18 p.m.8 views

Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Summary The LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from reading individual shares via ReadOne, the ReadAllWeb handler bypasses this check by...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/03/25 9:18 p.m.2 views

GHSA-8HP8-9FHR-PFM9 Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Summary The LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from reading individual shares via ReadOne, the ReadAllWeb handler bypasses this check by...

7.5CVSS6AI score0.00398EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/24 3:47 p.m.1 views

CVE-2026-33680 Vikunja Vulnerable to Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/24 3:47 p.m.19 views

CVE-2026-33680 Vikunja Vulnerable to Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

7.5CVSS0.00398EPSS
Exploits1References3
Rows per page
Query Builder