Lucene search
K

688 matches found

Nuclei
Nuclei
added 5 hours ago43 views

QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS7.1AI score0.78395EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42517

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-47831 Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
Fedora
Fedora
added 5 days ago8 views

[SECURITY] Fedora 44 Update: openssh-10.2p1-12.fc44

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

6.5CVSS6AI score0.00367EPSS
Exploits2
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-2003 vantage6 has insecure SSH configuration for node and server containers

Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

6.5CVSS7.2AI score0.00466EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:9 a.m.5 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 7:9 a.m.36 views

CVE-2026-14807 PROG MIS|ERP App - Use of Hard-coded Credentials

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS0.00463EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55872

Name of the Vulnerable Software and Affected Versions ERP App developed by PROG MIS affected versions not specified Description The application contains hard-coded credentials, which are passwords or usernames embedded directly into the software source code. This allows unauthenticated remote...

9.8CVSS6.2AI score0.00463EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/26 7:17 a.m.7 views

EUVD-2026-39637

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending craft...

9.8CVSS6.2AI score0.00376EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.38 views

CVE-2026-57881 GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr)

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending craft...

9.8CVSS0.00376EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/10 1:9 a.m.15 views

[SECURITY] Fedora 43 Update: putty-0.84-1.fc43

Putty is a SSH, Telnet & Rlogin client - this time for Linux...

5.9CVSS5.4AI score0.0032EPSS
Exploits0
Fedora
Fedora
added 2026/06/10 12:56 a.m.14 views

[SECURITY] Fedora 44 Update: putty-0.84-1.fc44

Putty is a SSH, Telnet & Rlogin client - this time for Linux...

5.9CVSS5.4AI score0.0032EPSS
Exploits0
Mageia
Mageia
added 2026/06/05 5:37 p.m.20 views

Updated cockpit packages fix security vulnerabilities

CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...

9.8CVSS7AI score0.142EPSS
Exploits4References27
IBM AIX
IBM AIX
added 2026/05/28 2:9 p.m.18 views

Multiple vulnerabilities in OpenSSH affect AIX

IBM SECURITY ADVISORY First Issued: Thu May 28 14:09:50 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory21.asc Security Bulletin: Multiple vulnerabilities in OpenSSH affect AIX...

8.1CVSS5.8AI score0.00419EPSS
Exploits0
NVD
NVD
added 2026/05/27 9:16 p.m.20 views

CVE-2026-47269

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

7.4CVSS0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 8:11 p.m.14 views

EUVD-2026-32656

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

7.4CVSS5.9AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 8:11 p.m.27 views

CVE-2026-47269

CVE-2026-47269 affects pam_usb on Linux. The deny_remote feature checks utmpx ut_addr_v6[0] to identify remote sessions, but IPv4-mapped IPv6 addresses cause the check to fail (ut_addr_v6[0] == 0, while the IPv4 address is in ut_addr_v6[3]), so remote SSH connections can be treated as local. As a...

7.4CVSS5.9AI score0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 7:59 p.m.10 views

CVE-2026-48064 pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...

8.1CVSS5.8AI score0.00342EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.29 views

VulnCheck KEV: CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

10CVSS6.2AI score0.88496EPSS
In wildExploits4References6
Vulnrichment
Vulnrichment
added 2026/05/12 5:49 a.m.10 views

CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

5.4CVSS6.2AI score0.00226EPSS
Exploits0References1
Rows per page
Query Builder