Lucene search
K

9 matches found

CVE
CVE
added 2026/03/26 5:5 p.m.16 views

CVE-2026-33469

Frigate (NVR) vulnerability CVE-2026-33469 affects version 0.17.0: an authenticated non-admin user can access the full unredacted configuration via /api/config/raw, exposing secrets (camera credentials, go2rtc stream credentials, MQTT passwords, proxy secrets, and other config.yml data). The issu...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using...

8.6CVSS6.3AI score0.00365EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/25 9:21 p.m.4 views

CVE-2026-33216

A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements JSON Web Tokens - JWT. This misclassification leads to the...

8.6CVSS5.6AI score0.00365EPSS
Exploits0References6
NVD
NVD
added 2026/03/25 8:16 p.m.5 views

CVE-2026-33216

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

8.6CVSS0.00365EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/03/25 7:41 p.m.2 views

CVE-2026-33216 NATS has MQTT plaintext password disclosure

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

8.6CVSS5.9AI score0.00365EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 7:41 p.m.16 views

CVE-2026-33216

Impactful CVE-2026-33216 (NATS-Server) : In MQTT deployments using usercodes/passwords, passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed through monitoring endpoints. Affected versions are prior to 2.11.15 and 2.12.6; fixes are in 2.11.14 and 2.12....

8.6CVSS5.8AI score0.00365EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/03/25 7:41 p.m.4 views

CVE-2026-33216 NATS has MQTT plaintext password disclosure

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

8.6CVSS6.3AI score0.00365EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.11 views

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions of Nats-Server before 2.11.15 and 2.12.6. These vulnerabilities stemmed from the incorrect classification of MQTT...

8.6CVSS6.4AI score0.00365EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.6 views

PT-2026-27613

Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server, a high-performance server for NATS.io, a cloud and edge native messaging system, contains an issue where MQTT passwords are incorrectly...

9.8CVSS5.8AI score0.00573EPSS
Exploits16References160
Rows per page
Query Builder