Lucene search
+L

489 matches found

nuclei
nuclei
added yesterday20 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.6AI score0.83214EPSS
Exploits4References5
nuclei
nuclei
added yesterday30 views

Pre-Auth Takeover of Build Pipelines in GoCD

GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys. id: CVE-2021-43287 info: name: Pre-Auth Takeover of Build Pipelines in GoCD author: dhiyaneshDk severity...

7.5CVSS7AI score0.28039EPSS
Exploits2References5
nuclei
nuclei
added yesterday112 views

Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. id: CVE-2020-29453 info: name: Jira Server Pre-Auth - Arbitrary File...

5.3CVSS6.3AI score0.23086EPSS
Exploits0References5
nvd
nvd
added 3 days ago4 views

CVE-2026-15720

In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service...

8.6CVSS0.00371EPSS
Exploits0References1
osv
osv
added 3 days ago3 views

CVE-2026-15720 Pre-auth heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler

In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service...

8.6CVSS6.1AI score0.00371EPSS
Exploits0References3
cve
cve
added 3 days ago8 views

CVE-2026-15720

Open5GS up to version 2.7.7 is affected by a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler, which may cause subscriber-wide denial of service. The CVE entry consolidates this as CVE-2026-15720. The connected sources (NVD/NVD CVE records) confirm the vulnera...

8.6CVSS6.1AI score0.00371EPSS
Exploits0References1
mscve
mscve
added 6 days ago3 views

NATS Server: Pre-auth server crash via double INFO in leafnode handshake

...

7.5CVSS6.1AI score0.00732EPSS
Exploits0
nvd
nvd
added 2026/07/06 5:16 p.m.12 views

CVE-2026-40139

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.8CVSS0.00653EPSS
Exploits0References1
euvd
euvd
added 2026/07/06 4:13 p.m.5 views

EUVD-2026-41887

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.2CVSS6AI score0.00653EPSS
Exploits0References1
cve
cve
added 2026/07/06 4:13 p.m.37 views

CVE-2026-40139

BeyondTrust Remote Support authentication subsystem contains a critical pre-authentication vulnerability (CVE-2026-40139). Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including...

9.8CVSS6AI score0.00653EPSS
Exploits0References1Affected Software2
euvd
euvd
added 2026/07/06 4:12 p.m.9 views

EUVD-2026-41886

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.00417EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/07/06 4:12 p.m.10 views

CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.00417EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/07/01 3:33 a.m.9 views

CVE-2026-7840 UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE)

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wisenderr and wireplyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...

9.8CVSS6.6AI score0.01439EPSS
Exploits0References3
cve
cve
added 2026/07/01 3:33 a.m.59 views

CVE-2026-7840

CVE-2026-7840 (UltraVNC repeater) : A global buffer overflow in the embedded HTTP administration server affects UltraVNC repeater versions up to 1.8.2.2. The functions wi_senderr() and wi_replyhdr() copy the caller-supplied HTTP request URI into a fixed 1000-byte buffer (hdrbuf) using unchecked s...

9.8CVSS6.6AI score0.01439EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/06/30 8:2 p.m.156 views

CVE-2026-10109

CVE-2026-10109 affects IBM Db2 Server: remote code execution due to improper pre-auth DRDA handshake handling. Affected versions: Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. Impact is high (RCE) per IBM’s bulletin (CVSS v3.1 base 9.8). Remediation: IBM provides interim fixes via Fix Central for V11.5.9 ...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/06/30 9:53 a.m.8 views

CVE-2026-50734

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References2Affected Software3
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.13 views

PT-2026-53954

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description Remote code execution is possible due to improper handling of the pre-authentication DRDA Distributed Relational Database Architecture handshake. This fl...

9.8CVSS6.3AI score0.0086EPSS
Exploits0References3
github
github
added 2026/06/26 7:11 p.m.9 views

@sigstore/core has DSSE payloadType type-binding failure

Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...

5.4CVSS5.8AI score0.00264EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/26 3:32 p.m.12 views

EUVD-2026-39650

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

7.3CVSS5.7AI score0.00321EPSS
Exploits0References2
cve
cve
added 2026/06/23 6:17 p.m.89 views

CVE-2026-53753

CVE-2026-53753 affects Crawl4AI before version 0.8.7. The _safe_eval_expression() AST validator only blocks underscore-prefixed attributes, allowing access to generator/frame attributes (gi_frame, f_back, f_builtins) and enabling sandbox escape to achieve arbitrary code execution. The attack is u...

10CVSS6.2AI score0.0045EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder