Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

986 matches found

NVD
NVDadded yesterday3 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS
Exploits0References6
EUVD
EUVDadded yesterday6 views

EUVD-2026-38598

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS5.9AI score
Exploits0References4
ATTACKERKB
ATTACKERKBadded yesterday3 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS5.9AI score
Exploits0References7
Cvelist
Cvelistadded yesterday25 views

CVE-2026-11807 Eda-server: websocket missing authorization allows credential theft via activation_id spoofing

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS
Exploits0References6
CVE
CVEadded yesterday9 views

CVE-2026-11807

CVE-2026-11807 affects Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint fails to verify permissions when processing Worker messages, permitting any authenticated user to forge a message with an arbitrary activation_id and access plaintext credentials tied to tha...

9.6CVSS5.9AI score
Exploits0References6
Debian CVE
Debian CVEadded 2026/06/14 5:21 p.m.7 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.3AI score0.00321EPSS
Exploits0
NVD
NVDadded 2026/06/12 9:16 p.m.8 views

CVE-2026-44784

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/12 8:23 p.m.7 views

CVE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/12 8:23 p.m.27 views

CVE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS0.00231EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/12 8:23 p.m.10 views

EUVD-2026-36587

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
CVE
CVEadded 2026/06/12 8:23 p.m.15 views

CVE-2026-44784

Discourse has a vulnerability where non-staff group owners can access a group’s outgoing SMTP credentials in plaintext via the group history log (/groups/:name/logs.json). Affected fields include email_password, email_username, smtp_server, smtp_port, and smtp_ssl_mode, with SMTP password being t...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/12 12:0 a.m.10 views

PT-2026-48981

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description Group owners who are not administrators or moderators can view a group's outgoing email and SMTP...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/06/11 12:0 a.m.14 views

IBM Security QRadar EDR 安全漏洞

IBM Security QRadar EDR is a terminal detection and response software developed by the American multinational company IBM. There are security vulnerabilities in versions 3.12 to 3.12.24 of IBM Security QRadar EDR. These vulnerabilities stem from the storage of user credentials in plain text, whic...

4.4CVSS5.3AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/09 8:59 p.m.8 views

CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

9.1CVSS7AI score0.00251EPSS
Exploits0References1
NVD
NVDadded 2026/06/08 4:16 p.m.13 views

CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

9.1CVSS0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/06/08 3:29 p.m.6 views

CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

7.5CVSS7.1AI score0.00251EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/06/08 3:29 p.m.8 views

EUVD-2026-35107

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

7.5CVSS7.1AI score0.00251EPSS
Exploits0References2
CVE
CVEadded 2026/06/08 3:29 p.m.21 views

CVE-2026-46440

Flowise CVE-2026-46440 affects Flowise versions before 3.1.2. The vulnerability is in the checkBasicAuth endpoint, which validates credentials in plaintext using direct comparison and without rate limiting. This can enable credential brute-forcing and enumeration, potentially granting access to t...

9.1CVSS7.1AI score0.00251EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2026/06/08 12:0 a.m.6 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability. This vulnerability stemmed from the checkBasicAuth endpoint, which validated credentials in plaintext without rate limits,...

9.1CVSS7.2AI score0.00251EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/06/08 12:0 a.m.9 views

Devolutions Server 加密问题漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server such as 2026.2.4.0, 2026.1.20.0, and earlier versions have security vulnerabilities. These...

6.5CVSS5.8AI score0.00148EPSS
Exploits0References1
Rows per page
Query Builder