Lucene search
K

4030 matches found

CVE
CVE
added 7 hours ago7 views

CVE-2026-9695

DELMIA Apriso (releases 2020–2026) has an Improper Authentication vulnerability that could allow an attacker to gain privileged access to the server. CVSS v3.1 base score 9.8 (CRITICAL), vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. No exploit details or remediation are provided in the supplied do...

9.8CVSS6AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago6 views

EUVD-2026-42177

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...

9.8CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added 8 hours ago83 views

ColumbiaSoft DocumentLocator - Improper Authentication

Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by...

9.8CVSS7.2AI score0.61043EPSS
Exploits0References4
Nuclei
Nuclei
added 8 hours ago14 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS7.1AI score0.07696EPSS
Exploits2References2
Nuclei
Nuclei
added 8 hours ago42 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

5.3CVSS6.5AI score0.08923EPSS
Exploits5References5
Nuclei
Nuclei
added 8 hours ago32 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16668 inf...

5.3CVSS6.8AI score0.09336EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday16 views

ZenML ZenML Server - Improper Authentication

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. id: CVE-2024-25723 info:...

8.8CVSS6.9AI score0.70581EPSS
Exploits1References5
NVD
NVD
added yesterday5 views

CVE-2026-53483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-42036

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-53483

Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) by an improper authentication vulnerability. An unauthenticated attacker with remote access could exploit this to gain unauthorized access and take comp...

9.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-53483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-37271

Fire-Boltt Smartwatch FB BGS001 (Firmware MOY-JS14-2.0.4) is reported vulnerable to Improper Authentication : the device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under certain conditions, previously captured BLE packets can be replayed fr...

6AI score
Exploits0References3
OSV
OSV
added 2 days ago4 views

BIT-TOMCAT-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from...

6.5CVSS5.9AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-41847

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

6.4AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41672

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References5
Snyk
Snyk
added 5 days ago5 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via a malformed SSH sub-verb in the authentication process. An attacker can gain unauthorized read access to private repositories by crafting specific SSH requests. Remediation Upgrade github.com/go-gitea/gitea/c...

7.7CVSS6AI score0.0031EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Apache Tomcat 9.0.0.M1 < 9.0.119 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.119. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.119security-9 advisory. - Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the...

9.1CVSS6AI score0.00423EPSS
Exploits1References13
OSV
OSV
added 2026/06/29 9:16 p.m.2 views

UBUNTU-CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5CVSS5.7AI score0.0028EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 8:44 p.m.49 views

CVE-2026-55955

CVE-2026-55955 describes an improper authentication flaw in Apache Tomcat’s EncryptionInterceptor for Tribes clustering, allowing a replay attack. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.13–9.0.18, 8.5.38–8.5.100, and 7.0.100–7.0.109. Remediation is to upgrade t...

6.5CVSS5.7AI score0.0028EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:44 p.m.4 views

CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

5.7AI score0.0028EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder