Lucene search
K

277 matches found

Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.4 views

PT-2026-35952

Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.2.0 through 42.7.10 Description A client-side denial of service occurs during SCRAM-SHA-256 authentication. A malicious server can force the driver to execute SCRAM authentication using an excessively large iteration count,...

7.5CVSS5.9AI score0.0077EPSS
Exploits0References224
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper...

7.3CVSS5.9AI score0.00456EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/28 5:26 p.m.16 views

Improper Authentication

Apache HttpClient is vulnerable to Improper Authentication. The vulnerability is due to a missing verification step in SCRAM-SHA-256 authentication, which allows an attacker to bypass proper mutual authentication checks and be accepted by the client...

7.3CVSS5.3AI score0.00456EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/04/23 8:39 a.m.4 views

Missing Critical Step in Authentication

Overview org.apache.httpcomponents.client5:httpclient5 is a HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the AuthenticationHandler's handleResponse method. The client may accept...

7.3CVSS5.4AI score0.00456EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.8 views

SUSE CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 9:31 a.m.6 views

GHSA-V468-QCJX-R72W Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 8:16 a.m.13 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS0.00456EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/22 7:7 a.m.6 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:7 a.m.5 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 7:7 a.m.35 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

0.00456EPSS
Exploits0References1
CVE
CVE
added 2026/04/22 7:7 a.m.27 views

CVE-2026-40542

Apache HttpClient 5.6 is affected by a missing step in SCRAM-SHA-256 mutual authentication, allowing a client to accept authentication without proper mutual verification. The issue impacts the 5.6 release and is fixed by upgrading to version 5.6.1. Affected component: Apache HttpClient (Java), v5...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/22 7:7 a.m.2 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.9AI score0.00456EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34264

Name of the Vulnerable Software and Affected Versions Apache HttpClient version 5.6 Description A missing critical step in authentication allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Recommendations Upgrade to...

7.3CVSS5.2AI score0.00456EPSS
Exploits0References10
Snyk
Snyk
added 2026/04/20 3:31 p.m.6 views

Insertion of Sensitive Information into Log File

Overview org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Insertion of Sensitive...

8.2CVSS5.5AI score0.00535EPSS
Exploits0References2
NVD
NVD
added 2026/04/20 2:16 p.m.10 views

CVE-2026-33558

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3CVSS0.00535EPSS
Exploits0References3
OSV
OSV
added 2026/04/20 1:20 p.m.2 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3CVSS5.8AI score0.00535EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.8 views

SUSE CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP...

6.8CVSS5.8AI score0.00338EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/27 9:31 a.m.7 views

EUVD-2026-16563

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 9:16 a.m.19 views

ALPINE-CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

5.9CVSS5.9AI score0.00338EPSS
Exploits1References1
Rows per page
Query Builder