Lucene search
K

4017 matches found

EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-41672

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS5.5AI score
Exploits0References5
Nuclei
Nuclei
added 16 hours ago38 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

5.3CVSS6.5AI score0.08923EPSS
Exploits5References5
Nuclei
Nuclei
added 16 hours ago32 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16668 inf...

5.3CVSS6.8AI score0.09336EPSS
Exploits5References5
Nuclei
Nuclei
added 16 hours ago14 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS7.1AI score0.07696EPSS
Exploits2References2
Nuclei
Nuclei
added 2 days ago10 views

ZenML ZenML Server - Improper Authentication

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. id: CVE-2024-25723 info:...

8.8CVSS6.9AI score0.70581EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago63 views

ColumbiaSoft DocumentLocator - Improper Authentication

Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by...

9.8CVSS7.4AI score0.61043EPSS
Exploits0References4
OSV
OSV
added 5 days ago2 views

UBUNTU-CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5CVSS5.7AI score0.00261EPSS
Exploits0References7
CVE
CVE
added 5 days ago34 views

CVE-2026-55955

CVE-2026-55955 describes an improper authentication flaw in Apache Tomcat’s EncryptionInterceptor for Tribes clustering, allowing a replay attack. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.13–9.0.18, 8.5.38–8.5.100, and 7.0.100–7.0.109. Remediation is to upgrade t...

6.5CVSS5.7AI score0.00261EPSS
Exploits0References2Affected Software1
OSV
OSV
added 5 days ago5 views

PYSEC-2026-413 Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

9.1CVSS6AI score0.0013EPSS
Exploits0References6
OSV
OSV
added 5 days ago6 views

PYSEC-2026-575 wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS5.7AI score0.00272EPSS
Exploits0References7
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40043

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to...

6.3CVSS5.2AI score0.00364EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-13543 Documenso Google OAuth Login handle-oauth-callback-url.ts improper authentication

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to...

6.3CVSS0.00364EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-13543

A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown functionality of the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts of the component Google OAuth Login. The manipulation results in improper authentication. It is possible to...

6.3CVSS5.6AI score0.00364EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/26 9:29 a.m.5 views

CVE-2026-12773

A flaw was found in BerriAI litellm, within its MCP Proxy component. A remote attacker could exploit an improper authentication vulnerability in the UserAPIKeyAuth function. This could allow unauthorized access, potentially compromising the confidentiality, integrity, and availability of data...

9.8CVSS5.8AI score0.00612EPSS
Exploits1References8
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.36 views

SSL VPN Session Hijacking

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. id: CVE-2024-53704 info: name: SSL VPN Session Hijacking author: johnk3r severity: critical description: | An Improper Authentication vulnerability in the SSLVPN...

9.8CVSS7.6AI score0.95132EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 3:15 a.m.8 views

EUVD-2026-38139

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
NVD
NVD
added 2026/06/19 9:16 p.m.12 views

CVE-2026-45480

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10CVSS0.00562EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:27 p.m.4 views

CVE-2026-45480

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.9AI score0.00562EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 8:27 p.m.8 views

EUVD-2026-38086

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.9AI score0.00562EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:19 p.m.15 views

CVE-2026-49872

The CVE-2026-49872 entry concerns Apache APISIX and its cas-auth plugin. Affected versions are 3.0.0 through 3.16.0; the issue is an improper authentication flaw where, when cas-auth is used on a route, an attacker may authenticate using credentials from a different source. The public documentati...

8.1CVSS5.9AI score0.0032EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder