Lucene search

284 matches found

Positive Technologies
added 2026/03/06 12:00 a.m.

PT-2026-23735

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 7.8.6; Rocket.Chat versions prior to 7.9.8; Rocket.Chat versions prior to 7.10.7; Rocket.Chat versions prior to 7.11.4; Rocket.Chat versions prior to 7.12.4; Rocket.Chat versions prior to 7.13.3; Rocket.Chat versions...

CVSS 9.3 | AI score 5.9 | EPSS 0.00498
Exploits 0 | References 13
Snyk
added 2026/03/05 8:43 p.m.

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the IsCorrectUsernameAndPassword validation. An attacker can cause a victim's browser to initiate a session tied to an account for which the attacker knows the credentials by tricking the victim into...

CVSS 5.4 | AI score 5.8 | EPSS 0.00076
Exploits 0 | References 2
RedhatCVE
added 2026/02/22 1:27 a.m.

CVE-2019-25436

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to...

CVSS 6.5 | AI score 5.7 | EPSS 0.00249
Exploits 1 | References 1
Vulnrichment
added 2026/02/20 10:54 p.m.

CVE-2019-25436 Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to...

CVSS 6.5 | AI score 5.7 | EPSS 0.00249
Exploits 1 | References 3
CNNVD
added 2026/02/20 12:00 a.m.

Sricam DeviceViewer security vulnerability

Sricam DeviceViewer is video surveillance management software developed by Sricam in China. Version 3.12.0.1 of Sricam DeviceViewer contains a security vulnerability. This vulnerability stems from improper validation of the old password field, which may allow authenticated users to...

CVSS 6.5 | AI score 5.8 | EPSS 0.00249
Exploits 1 | References 3
NVD
added 2026/02/09 10:16 p.m.

CVE-2026-25889

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVSS 5.4 | EPSS 0.00325
Exploits 1 | References 3
Positive Technologies
added 2026/02/09 12:00 a.m.

PT-2026-7167

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.57.1. Description: File Browser offers a file management interface for tasks like uploading, deleting, previewing, renaming, and editing files. A flaw in the password validation process, specifically a...

CVSS 9.9 | AI score 5 | EPSS 0.27661
Exploits 45 | References 122
Github Security Blog
added 2026/02/06 10:52 p.m.

Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service

Summary: The DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly...

CVSS 7.5 | AI score 5.5 | EPSS 0.00407
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2026/01/09 11:45 a.m.

CVE-2010-0227

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program...

CVSS 4.6 | AI score 6.9 | EPSS 0.00394
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 9:32 a.m.

CVE-2023-25816

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround ...

CVSS 6.5 | AI score 6.9 | EPSS 0.01373
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 9:25 a.m.

CVE-2023-4816

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and...

CVSS 8.8 | AI score 7.2 | EPSS 0.00522
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 9:18 a.m.

CVE-2021-22221

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited...

CVSS 6.5 | AI score 7 | EPSS 0.00767
Exploits 0 | References 1
NVD
added 2026/01/08 2:15 p.m.

CVE-2026-21891

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...

CVSS 9.8 | EPSS 0.02169
Exploits 1 | References 1
Cvelist
added 2026/01/08 2:00 p.m.

CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...

CVSS 9.4 | EPSS 0.02169
Exploits 1 | References 1
OSV
added 2026/01/08 2:00 p.m.

CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...

CVSS 9.4 | AI score 6.7 | EPSS 0.02169
Exploits 1 | References 3
EUVD
added 2026/01/08 2:00 p.m.

EUVD-2026-1670

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...

CVSS 9.4 | AI score 6.3 | EPSS 0.02169
Exploits 1 | References 1
Tenable Nessus
added 2026/01/07 12:00 a.m.

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000159)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000159 advisory. An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in...

CVSS 7.5 | AI score 7.5 | EPSS 0.02397
Exploits 0 | References 4
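The Django entry above describes a similarity validator whose cost grew with the size of an attacker-supplied password. The Python below is an added illustration written for this page, not Django's own code: it derives the largest ratio difflib's SequenceMatcher can ever return from the two string lengths alone, and skips the comparison whenever that bound cannot reach the threshold, so an oversized password costs a constant amount of work per attribute instead of scaling with its length. The 0.7 threshold, the attribute names and the sample passwords are assumptions for the demo.

```python
import re
from difflib import SequenceMatcher

MAX_SIMILARITY = 0.7  # assumed threshold for the demo


def similarity_upper_bound(password: str, value: str) -> float:
    """SequenceMatcher.ratio() and quick_ratio() are both 2*M/T, where M is the
    number of matched characters and T = len(a) + len(b).  M can never exceed
    the shorter input, so 2*min(len)/T is an exact upper bound on any value the
    matcher could produce, computed without looking at the characters."""
    total = len(password) + len(value)
    if total == 0:
        return 0.0
    return 2.0 * min(len(password), len(value)) / total


def too_similar(password: str, value: str,
                max_similarity: float = MAX_SIMILARITY) -> bool:
    """True if `password` is too similar to the user attribute `value`.

    The matcher only runs when the length bound says the threshold is
    reachable.  A multi-megabyte password compared against a short username
    is therefore rejected in O(1) and never touches difflib at all."""
    if not password or not value:
        return False
    password, value = password.lower(), value.lower()
    if similarity_upper_bound(password, value) < max_similarity:
        return False  # threshold unreachable: skip the expensive comparison
    return SequenceMatcher(a=password, b=value).quick_ratio() >= max_similarity


def validate_against_user(password: str, attributes: dict,
                          max_similarity: float = MAX_SIMILARITY) -> list:
    """Compare the password against every user attribute, also splitting each
    attribute on non-word characters so that 'alice.smith@example.org' is
    checked as 'alice', 'smith', 'example' and 'org' as well as in full.
    Returns the names of the attributes the password is too similar to."""
    offending = []
    for name, value in attributes.items():
        if not value:
            continue
        parts = [p for p in re.split(r"\W+", value) if p] + [value]
        if any(too_similar(password, part, max_similarity) for part in parts):
            offending.append(name)
    return offending


if __name__ == "__main__":
    # Constructed sample inputs for the demo.
    profile = {"username": "alice", "email": "bob@example.org"}
    print(validate_against_user("alice2024", profile))         # ['username']
    print(validate_against_user("x" * 1_000_000, profile))     # [] and fast: every bound is ~0
```

Both ratio functions in difflib are at least linear in the longer input, so the bound is what keeps the cost independent of the attacker's password size; the same shortcut applies to any metric with a known maximum expressed in the input lengths.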
Veracode
added 2025/12/13 5:11 a.m.

Improper Authentication

org.jenkins-ci.plugins:active-directory is vulnerable to improper authentication. The vulnerability is due to the use of a magic constant during password validation, which allows an attacker to log in as any user by using the crafted magic constant as the password...

CVSS 9.8 | AI score 7.3 | EPSS 0.01325
Exploits 0 | References 5 | Affected Software 1
RedhatCVE
added 2025/12/12 1:53 a.m.

CVE-2025-67719

Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

CVSS 8.5 | AI score 6.8 | EPSS 0.0013
Exploits 0 | References 1
NVD
added 2025/12/11 2:16 a.m.

CVE-2025-67719

Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

CVSS 8.5 | EPSS 0.0013
Exploits 0 | References 3
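Several entries in this listing are defects in the same small piece of logic: the current password not being checked before a change (CVE-2019-25436 in Sricam DeviceViewer, CVE-2025-67719 in Ibexa), a case-sensitivity defect in the comparison (CVE-2026-25889 in File Browser), and an unbounded password length driving up validation cost (CVE-2023-25816 in Nextcloud). The Python below is an added example written for this page, not the code of any of those projects; it shows a password-change routine that orders its checks so that each of those mistakes is structurally excluded. The scrypt parameters, the 1024-byte cap and the in-memory user record are assumptions for the demo.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 1024   # assumed hard cap, enforced before any hashing work
MIN_PASSWORD_LEN = 8        # assumed policy minimum
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # assumed demo parameters

STATS = {"scrypt_calls": 0}  # lets a caller confirm no hashing happened on rejected input


def _scrypt(password: str, salt: bytes) -> bytes:
    STATS["scrypt_calls"] += 1
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def hash_password(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "digest": _scrypt(password, salt)}


def verify_password(password: str, record: dict) -> bool:
    """Constant-time check of `password` against a stored record.

    The comparison is over the derived key bytes, so it is byte-exact by
    construction: 'Secret' and 'secret' derive different keys and no case
    folding can creep in (the class of defect in CVE-2026-25889)."""
    return hmac.compare_digest(_scrypt(password, record["salt"]), record["digest"])


class PasswordChangeError(Exception):
    pass


def change_password(user: dict, old_password: str, new_password: str) -> None:
    """Rotate a user's password.  The order of the checks is the point:
    1. the length cap comes first, so oversized input is rejected before
       scrypt runs even once (the cost problem in CVE-2023-25816);
    2. the current password is verified, so holding a session is not enough
       to take over the account (the missing check in CVE-2019-25436 and
       CVE-2025-67719);
    3. only then is the replacement validated, hashed and stored."""
    for label, value in (("old", old_password), ("new", new_password)):
        if len(value.encode("utf-8")) > MAX_PASSWORD_BYTES:
            raise PasswordChangeError(f"{label} password exceeds {MAX_PASSWORD_BYTES} bytes")
    if not verify_password(old_password, user["password"]):
        raise PasswordChangeError("current password is incorrect")
    if len(new_password) < MIN_PASSWORD_LEN:
        raise PasswordChangeError("new password too short")
    user["password"] = hash_password(new_password)
    user["password_version"] += 1  # other sessions can compare this to detect the rotation


def attempt_change(user: dict, old_password: str, new_password: str) -> str:
    """Convenience wrapper: returns 'ok' or the rejection reason."""
    try:
        change_password(user, old_password, new_password)
        return "ok"
    except PasswordChangeError as exc:
        return str(exc)


def make_user(username: str, password: str) -> dict:
    """Constructed in-memory user record for the demo."""
    return {"username": username, "password": hash_password(password), "password_version": 0}


if __name__ == "__main__":
    alice = make_user("alice", "correct horse")
    print(attempt_change(alice, "x" * 5000, "newpassword1"))      # rejected, no scrypt call made
    print(attempt_change(alice, "Correct Horse", "newpassword1"))  # rejected: case differs
    print(attempt_change(alice, "correct horse", "newpassword1"))  # ok
```

The wrapper exists so the outcome can be inspected without exception handling; in a real handler the length cap should also sit on the login and registration paths, because the hashing cost is identical there.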