Lucene search
K

117 matches found

Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.7 views

PT-2026-2920

Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions prior to 24.1114.151.929 Description An insecure authentication mechanism exists in the safe exec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with ro...

8.4CVSS7.2AI score0.00293EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/14 12:0 a.m.7 views

EUVD-2026-2445

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

8.4CVSS7AI score0.00293EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.7 views

Blurams Flare Camera 安全漏洞

Blurams Flare Camera is a webcam from Blurams USA. A security vulnerability exists in Blurams Flare Camera 24.1114.151.929 and earlier versions, which stems from an insecure authentication mechanism that could lead to the execution of arbitrary commands...

6.8CVSS7AI score0.00293EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.8 views

CVE-2024-41808

The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...

8.8CVSS5.6AI score0.00528EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.10 views

CVE-2025-1717

The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen' function. This makes it possible for unauthenticated attackers to log in an...

8.1CVSS7.1AI score0.00542EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/10/15 12:0 a.m.198 views

📄 PerfexCRM Authentication Bypass

PerfexCRM versions prior to 3.3.1 suffer from an authentication bypass vulnerability. Security Advisory — PerfexCRM Authentication Bypass CVE-2025-60375, RESERVED Advisory ID: perfexcrm-auth-bypass-2025 CVE: CVE-2025-60375 RESERVED Product: PerfexCRM Affected versions: versions prior to 3.3.1 3.3...

7.3CVSS7.1AI score0.00263EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3276

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01168EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18118

Malicious code in bioql PyPI...

8.2CVSS7.5AI score0.00461EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-39197

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00528EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/09/22 11:39 p.m.7 views

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS5.8AI score0.00461EPSS
Exploits0References6
Imperva Blog
Imperva Blog
added 2025/08/27 5:19 p.m.16 views

Critical Flaws in Base44 Exposed Sensitive Data and Allowed Account Takeovers

Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site scripting XSS, insecure authentication design,...

9.3CVSS6.6AI score0.00709EPSS
Exploits3
CNVD
CNVD
added 2025/08/22 12:0 a.m.4 views

Tenda AC6 Code Execution Vulnerability (CNVD-2025-20158)

Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. A code execution vulnerability exists in the Tenda AC6. The vulnerability stems from the presence of insecur...

9.8CVSS8.4AI score0.0054EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/08/07 10:54 a.m.5 views

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS5.8AI score0.00461EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/08/06 4:17 p.m.4 views

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS5.8AI score0.00461EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.4 views

PT-2025-30413 · Etq · Etq Reliance

Name of the Vulnerable Software and Affected Versions: ETQ Reliance versions prior to SE.2025.1 ETQ Reliance version 2025.1.2 Description: An XML External Entity XXE injection vulnerability exists within the /resources/sessions/sso endpoint. The SAML authentication handler processes XML input...

6.9CVSS6.9AI score0.00901EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/07/21 11:1 a.m.4 views

CVE-2025-41459 Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS

Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 2025/07/21 11:1 a.m.18 views

CVE-2025-41459

CVE-2025-41459 affects Two App Studio Journey 5.5.6 on iOS. The local authentication component has insufficient brute-force protection and is vulnerable to runtime manipulation, allowing local attackers to bypass biometric and PIN controls via repeated PIN attempts or dynamic code injection. CVSS...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/21 11:1 a.m.9 views

CVE-2025-41459 Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS

Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection...

7.8CVSS0.00167EPSS
Exploits0References1
OSV
OSV
added 2025/06/14 5:57 a.m.4 views

BIT-POSTGRESQL-JDBC-DRIVER-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7.9AI score0.00461EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/06/11 2:44 p.m.11 views

pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

Impact When the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...

8.2CVSS7.2AI score0.00461EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder