Lucene search
K

1238 matches found

Nuclei
Nuclei
added 18 hours ago58 views

SonicWall SMA1000 LFI

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. id: CVE-2023-0126 info: name: SonicWall SMA1000 LFI author: tess severity: high description...

7.5CVSS7AI score0.72699EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago21 views

OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization

Open Access Management OpenAM is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution RCE via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

10CVSS7.2AI score0.99999EPSS
Exploits10References2
Nuclei
Nuclei
added 18 hours ago26 views

CyberPanel - Command Injection

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters. id: CVE-2024-51568 info: name: CyberPanel - Comman...

10CVSS7.4AI score0.45682EPSS
Exploits4References4
Nuclei
Nuclei
added 18 hours ago60 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.5AI score0.83337EPSS
Exploits4References5
Nuclei
Nuclei
added 18 hours ago103 views

Apache OFBiz < 18.12.07 - Local File Inclusion

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. id: CVE-2022-47501 info: name: Apache OFBiz 18.12.07 - Local File Inclusion author: your3cho severity:...

7.5CVSS7AI score0.1018EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 19 hours ago6 views

CVE-2026-58250

A flaw was found in NATS Server, a high-performance messaging system. An unauthenticated attacker with network access to a leafnode listener, where compression is enabled, could exploit this vulnerability. By sending repeated leafnode INFO protocol messages during the pre-authentication handshake...

7.5CVSS6AI score0.00732EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-39510

File Browser: Command Injection via Authentication Hook Shell Substitution Pre-Authentication RCE...

9.3CVSS6.1AI score0.00533EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-8609 Pre-authentication denial of service via the OAuth login route

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS0.00359EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-8609

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

7.5CVSS6.1AI score0.00359EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 3 days ago7 views

CVE-2026-8609 Pre-authentication denial of service via the OAuth login route

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References1
NCSC
NCSC
added 3 days ago5 views

Vulnerabilities found in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust has identified vulnerabilities in the products Remote Support and Privileged Remote Access. These vulnerabilities involve multiple aspects of these products. There is a pre-authentication vulnerability that allows a network-based attacker to bypass authentication checks without prior...

9.9CVSS6.2AI score0.00653EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-54772 CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF...

7.5CVSS0.00476EPSS
Exploits0References6
CVE
CVE
added 5 days ago14 views

CVE-2026-54772

CoreWCF (net.tcp/net.pipe/net.uds) prior to versions 1.8.1 and 1.9.1 is affected. An unauthenticated remote attacker can trigger premature EOF handling in the framing handshake, causing one server thread-pool worker to be pinned at 100% CPU per connection and potentially exhausting CPU with multi...

7.5CVSS6AI score0.00476EPSS
Exploits0References6
NVD
NVD
added 5 days ago6 views

CVE-2026-58250

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...

7.5CVSS0.00732EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-58210 NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS0.00732EPSS
Exploits0References5
CVE
CVE
added 5 days ago10 views

CVE-2026-58210

CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...

7.5CVSS6AI score0.00732EPSS
Exploits0References5Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-58250

CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

BeyondTrust Remote Support (RS) < 25.3.3 Multiple Vulnerabilities (BT26-03)

The version of BeyondTrust Remote Support RS running on the remote host is prior to 25.3.3. It is, therefore, affected by multiple vulnerabilities, including: - A critical pre-authentication vulnerability in the authentication subsystem. Improper validation of authentication data may allow a...

9.9CVSS6.2AI score0.00653EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

BeyondTrust Privileged Remote Access (PRA) < 25.3.3 Multiple Vulnerabilities (BT26-03)

The version of BeyondTrust Privileged Remote Access PRA running on the remote host is prior to 25.3.3. It is, therefore, affected by multiple vulnerabilities: - A critical pre-authentication vulnerability in the authentication subsystem. Improper validation of authentication data may allow a...

9.9CVSS6.2AI score0.00561EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 5:16 p.m.9 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS0.00561EPSS
Exploits0References1
Rows per page
Query Builder