CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

119 matches found

Positive Technologies•added 3 days ago•7 views

PT-2026-47648

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS5.4AI score0.00038EPSS

Exploits0References2

GithubExploit•added 4 days ago•50 views

Exploit for CVE-2026-43512

CVE-2026-43512 — Apache Tomcat DIGEST Authentication Bypass...

9.8CVSS7.8AI score0.00139EPSS

Exploits1

RedhatCVE•added last week•5 views

CVE-2026-32965

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...

8.7CVSS7.1AI score0.00041EPSS

Exploits0References1

RedhatCVE•added 2026/05/28 7:44 p.m.•10 views

CVE-2026-43512

A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null". This allows a remote attacker to bypass security controls. Mitigation To mitigate this issue, disable DIGEST...

9.8CVSS5.7AI score0.00139EPSS

Exploits1References4

OSV•added 2026/04/25 11:40 p.m.•1 views

GHSA-PXF8-6WQM-R6HH Note Mark: OIDC-registered users authenticated by submitting password "null"

Summary IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...

9.4CVSS5.8AI score0.00058EPSS

Exploits0References5

Snyk•added 2026/04/25 11:40 p.m.•3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the IsPasswordMatch function. An attacker can gain unauthorized access to accounts registered through OIDC by submitting the password "null" to the internal login endpoint, which results in a valid session...

9.4CVSS5.8AI score0.00058EPSS

Exploits0References2

Positive Technologies•added 2026/04/25 12:0 a.m.•3 views

PT-2026-35503

Name of the Vulnerable Software and Affected Versions Note Mark versions prior to 0.19.3 Description An authentication bypass exists in the internal login endpoint. The IsPasswordMatch function in backend/db/models.go uses a hard-coded bcrypt"null" placeholder when a user has no stored password...

9.4CVSS5.8AI score0.00058EPSS

Exploits0References16

EUVD•added 2026/04/20 6:31 a.m.•1 views

EUVD-2026-23758

8.7CVSS5.8AI score0.00041EPSS

Exploits0References4

Vulnrichment•added 2026/04/20 3:17 a.m.•1 views

CVE-2026-32965

8.7CVSS5.8AI score0.00041EPSS

Exploits0References3

CVE•added 2026/04/20 3:17 a.m.•8 views

CVE-2026-32965

CVE-2026-32965 affects silex technology SD-330AC and AMC Manager. The vulnerability arises from initializing a resource with an insecure default configuration, allowing a device on factory-default settings to be configured with a null string password upon network connection. This has potential im...

8.7CVSS5.8AI score0.00041EPSS

Exploits0References3Affected Software1