Lucene search
+L

104 matches found

euvd
euvd
added yesterday4 views

EUVD-2026-44690

Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the MySQL database in a way that allows local users, such as unprivileged web or CGI processes on the...

8.5CVSS6.1AI score
Exploits0References7
nvd
nvd
added 2026/07/08 6:16 a.m.13 views

CVE-2026-14495

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS0.00425EPSS
Exploits0References5
nessus
nessus
added 2026/06/30 12:0 a.m.10 views

Apache Tomcat 9.0.0.M1 < 9.0.102

The version of Tomcat installed on the remote host is prior to 9.0.102. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.102security-9 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...

7.3CVSS6.1AI score0.00462EPSS
Exploits0References3
osv
osv
added 2026/06/29 9:16 p.m.11 views

DEBIAN-CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0References1
euvd
euvd
added 2026/06/20 6:27 p.m.9 views

EUVD-2026-38132

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

9.2CVSS6AI score0.00295EPSS
Exploits0References2
cve
cve
added 2026/06/20 6:27 p.m.33 views

CVE-2026-56345

AVideo 29.0 contains an authorization bypass via the Meet plugin's uploadRecordedVideo.json.php endpoint. The vulnerability derives the target users_id from the uploaded filename without verification, allowing a crafted file (e.g., filename like 1-anything.mp4) to trigger passwordless User-&gt;lo...

9.2CVSS6AI score0.00295EPSS
Exploits0References2
osv
osv
added 2026/06/20 6:27 p.m.3 views

CVE-2026-56345 AVideo - Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

9.2CVSS6.1AI score0.00295EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:20 p.m.12 views

CVE-2026-32960

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet...

7.1CVSS7.1AI score0.0026EPSS
Exploits0References1
nvd
nvd
added 2026/06/05 7:16 p.m.10 views

CVE-2026-5415

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...

8.8CVSS0.00393EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.11 views

WordPress plugin WP Captcha PRO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.5AI score0.00393EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/04/24 11:2 a.m.3 views

CVE-2026-6043

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...

8.8CVSS5.5AI score0.00457EPSS
Exploits0References3
nvd
nvd
added 2026/04/20 4:16 a.m.7 views

CVE-2026-32960

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet...

7.1CVSS0.0026EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/20 3:18 a.m.2 views

CVE-2026-32960

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet...

7.1CVSS5.8AI score0.0026EPSS
Exploits0References4Affected Software2
cvelist
cvelist
added 2026/04/20 3:18 a.m.35 views

CVE-2026-32960

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet...

7.1CVSS0.0026EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/04/20 12:0 a.m.10 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

7.1CVSS7.1AI score0.0026EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.12 views

PT-2026-33698

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet...

7.1CVSS5.8AI score0.0026EPSS
Exploits0References4
nvd
nvd
added 2026/02/19 9:18 p.m.6 views

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

9.8CVSS0.00494EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/02/19 12:0 a.m.3 views

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

5.4AI score0.00494EPSS
Exploits1References2
nvd
nvd
added 2026/01/13 11:16 p.m.8 views

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

9.8CVSS0.04962EPSS
Exploits1References3
osv
osv
added 2026/01/13 11:16 p.m.45 views

UBUNTU-CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

9.8CVSS5.9AI score0.04962EPSS
Exploits1References5
Rows per page
Query Builder