2640 matches found
DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcardRecursive endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remot...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForSingleFile endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC...
Linux Distros Unpatched Vulnerability : CVE-2026-56766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and...
CVE-2026-53632
A flaw was found in launch-editor. This component, used in Node.js to open files, can be tricked into accessing arbitrary paths, including Windows Universal Naming Convention UNC paths. When a malicious UNC path is opened, Windows automatically attempts NTLM authentication to a remote server...
Linux Distros Unpatched Vulnerability : CVE-2026-56968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted...
CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
EUVD-2026-39515
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
CVE-2026-56766
Hydra before 9.7 contains a stack buffer overflow in the NTLM authentication handler used by SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing crafted NTLM Type-2 challenges. A malicious server can send a long domain in NTLM Type-2, overflowing a 500-byte st...
PT-2026-52540
Name of the Vulnerable Software and Affected Versions Hydra versions prior to 9.7 commit 9cc84c2 Description A stack buffer overflow exists in the NTLM authentication process across the SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. The issue occurs when the software...
SUSE CVE-2026-56968
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...
CVE-2026-56968
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...
CVE-2026-56968
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...
EUVD-2026-38512
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...
CVE-2026-56968
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...
CVE-2026-56968
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...
PT-2026-51567
Name of the Vulnerable Software and Affected Versions GNU SASL versions prior to 2.2.4 Description The NTLM client lacks sanitization of a short challenge within the gsasl ntlm client step function. This flaw allows a crafted server to cause memory disclosure. Recommendations Update to version...
CVE-2026-53632
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...