Lucene search
K

129 matches found

NVD
NVD
added 2026/03/10 9:16 p.m.4 views

CVE-2026-30966

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any...

10CVSS0.00384EPSS
Exploits0References3
NVD
NVD
added 2026/03/04 10:16 p.m.6 views

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

6CVSS0.0026EPSS
Exploits1References1
CVE
CVE
added 2026/03/04 9:32 p.m.33 views

CVE-2026-27801

Vaultwarden (unofficial Bitwarden server) is affected by CVE-2026-27801 where versions 1.34.3 and earlier permit a 2FA bypass on protected actions due to faulty rate-limit enforcement. An authenticated attacker can perform protected actions (e.g., access a user’s API key or delete vaults and orga...

6CVSS5.9AI score0.0026EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/04 8:6 p.m.4 views

GHSA-V6PG-V89R-W8WR Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Summary Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a users account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...

6CVSS5.9AI score0.0026EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/04 8:6 p.m.9 views

Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Summary Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a users account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...

6CVSS5.9AI score0.0026EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.4 views

PT-2026-23064

Name of the Vulnerable Software and Affected Versions Vaultwarden versions 1.34.3 and prior Description Vaultwarden, a Bitwarden compatible server, is susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this...

6CVSS5.2AI score0.0026EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2026/02/26 10:7 p.m.3 views

CVE-2026-27839

wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...

4.3CVSS5.9AI score0.0026EPSS
Exploits1References3Affected Software1
ICS
ICS
added 2026/02/24 12:30 a.m.10 views

ABB AC500 V3 Multiple Vulnerabilities

SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypass the user management and read visualization files...

8.3CVSS6.1AI score0.00523EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/02/18 4:45 p.m.21 views

CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8CVSS0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.13 views

CVE-2023-45184

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270...

7.5CVSS6.3AI score0.01624EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.5 views

CVE-2019-7476

A vulnerability in SonicWall Global Management System GMS, allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier...

8.1CVSS7.2AI score0.01363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/05 7:20 p.m.7 views

CVE-2025-64420 Coolify members can see private key of root user

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...

9.9CVSS6.4AI score0.00495EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/30 10:47 a.m.3 views

CVE-2025-69029 WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through = 2.5.1...

5.4CVSS6.6AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/17 6:31 p.m.4 views

EUVD-2025-34896

Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerabili...

9.4CVSS7.7AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 2025/10/17 4:2 p.m.19 views

CVE-2025-8414

CVE-2025-8414 affects Zigbee EZSP Host Applications and is caused by improper input validation leading to a buffer overflow. This can cause stack corruption and, under certain conditions, arbitrary code execution. Exploitation requires access to a network key. The CVSS 4.0 score is CRITICAL (AV: ...

9.4CVSS7.8AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-7151

Malware in sbrugna...

5.9CVSS6AI score0.0161EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-28941

Malware in sbrugna...

4CVSS4.9AI score0.00291EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-24846

Malware in sbrugna...

6.9CVSS6.5AI score0.0022EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-3227

Malware in sbrugna...

2.1CVSS9.2AI score0.00376EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-4718

Malware in sbrugna...

5.5CVSS6.4AI score0.00352EPSS
Exploits0References6
Rows per page
Query Builder