734 matches found

EUVD
added 2026/06/24 11:53 a.m., 8 views

EUVD-2026-38743

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API endpoints (e.g., editing organization details, inviting users) do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

CVSS 7.1, AI score 5.9, EPSS 0.00238
Exploits: 0, References: 2
Tenable Nessus
added 2026/06/15 12:00 a.m., 8 views

Debian dla-4556 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. Debian LTS Advisory DLA-4556-1 [email protected]...

CVSS 7.5, AI score 5.5, EPSS 0.0079
Exploits: 6, References: 18
RedHat Linux
added 2026/06/09 11:19 a.m., 11 views

node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

A flaw was found in Forge (also called node-forge), a JavaScript library used for Transport Layer Security (TLS). The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...

CVSS 7.5, AI score 5.5, EPSS 0.00338
Exploits: 0, References: 7
RedhatCVE
added 2026/06/05 7:51 p.m., 10 views

CVE-2025-70994

Yadea T5 Electric Bicycles models manufactured in/after 2024 have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal...

CVSS 7.3, AI score 5.5, EPSS 0.00275
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:35 p.m., 11 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption...

CVSS 7.5, AI score 5.5, EPSS 0.00245
Exploits: 0, References: 1
NVD
added 2026/06/04 9:16 a.m., 9 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption...

CVSS 7.5, EPSS 0.00245
Exploits: 0, References: 1
Cvelist
added 2026/06/04 7:22 a.m., 39 views

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption...

CVSS 6.9, EPSS 0.00245
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/04 7:22 a.m., 8 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption...

CVSS 6.9, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 2
CVE
added 2026/06/04 7:22 a.m., 21 views

CVE-2026-50210

CVE-2026-50210 is linked to multiple sources describing a cryptographic weakness where data is encrypted with AES-CBC using static zero-filled IVs. This configuration can enable replay attacks and known-plaintext decryption. The description across NVD, CVE records, and related feeds consistently ...

CVSS 7.5, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/06/04 7:22 a.m., 7 views

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption...

CVSS 6.9, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 1
EUVD
added 2026/06/04 7:22 a.m., 9 views

EUVD-2026-34222

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption...

CVSS 7.5, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 1
Positive Technologies
added 2026/06/04 12:00 a.m., 18 views

PT-2026-46162

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: The device encrypts data using AES-CBC (Advanced Encryption Standard in Cipher Block Chaining mode) with static zero-filled Initialization Vectors (IVs). This...

CVSS 7.5, AI score 5.4, EPSS 0.00245
Exploits: 0, References: 3
CNNVD
added 2026/06/04 12:00 a.m., 8 views

Acer M6E security vulnerability

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability arises from the use of static zero-padding initialization vectors when encrypting data using AES-CBC encryption. This can lead to replay...

CVSS 7.5, AI score 5.3, EPSS 0.00245
Exploits: 0, References: 1
CNNVD
added 2026/06/01 12:00 a.m., 9 views

Apache Airflow security vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. One...

CVSS 5.9, AI score 5.4, EPSS 0.00265
Exploits: 0, References: 4
Cvelist
added 2026/05/28 4:31 p.m., 31 views

CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

EPSS 0.0023
Exploits: 0, References: 1
CNNVD
added 2026/05/28 12:00 a.m., 12 views

Casdoor security vulnerability

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from the SAML callback handler in controllers/auth.go, which accepted SA...

AI score 5.8, EPSS 0.0023
Exploits: 0, References: 1
Github Security Blog
added 2026/05/18 3:37 p.m., 18 views

eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges

Impact In eduMFA = 2.9.1 by adding validity information to the userless challenges. Workarounds No known workarounds besides disabling userless login altogether...

AI score 5.8
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/05/18 3:37 p.m., 5 views

GHSA-J5RM-V3VH-VX94 eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges

Impact In eduMFA = 2.9.1 by adding validity information to the userless challenges. Workarounds No known workarounds besides disabling userless login altogether...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 2
EUVD
added 2026/05/11 2:42 p.m., 9 views

EUVD-2026-27657

Keylime has a hardcoded attestation challenge nonce that allows replay attacks...

CVSS 6.3, AI score 5.8, EPSS 0.00121
Exploits: 0, References: 4
Github Security Blog
added 2026/05/06 12:30 p.m., 11 views

Duplicate Advisory: Keylime has a hardcoded attestation challenge nonce that allows replay attacks

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-q8w6-w55c-ccv5. This link is maintained to preserve external references. Original Description: A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent...

CVSS 6.3, AI score 5.7, EPSS 0.00121
Exploits: 0, References: 5, Affected Software: 1