Lucene search
+L

68 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 8:39 p.m.9 views

CVE-2026-52830

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS5.8AI score0.00423EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/02 8:39 p.m.44 views

CVE-2026-52830 fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS0.00423EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 12:16 p.m.3 views

CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/07/02 12:16 p.m.9 views

DEBIAN-CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS6AI score0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 10:54 a.m.8 views

CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS5.8AI score0.00386EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/02 8:16 a.m.3 views

CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...

7.5CVSS6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.13 views

CVE-2026-47269

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

7.4CVSS5.6AI score0.00307EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 12:48 p.m.7 views

CVE-2026-10611

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...

8.2CVSS5.8AI score0.00353EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 12:48 p.m.11 views

CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...

8.2CVSS5.8AI score0.00353EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:11 p.m.9 views

CVE-2026-47269 pam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as local

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

7.4CVSS5.9AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 9:15 p.m.20 views

CVE-2026-8327

Concrete CMS

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/11 6:31 p.m.15 views

EUVD-2026-29171

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...

8.6CVSS5.8AI score0.00504EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/04 8:50 p.m.9 views

CI4MS has a Deactivated User Session Bypass (active=0)

Summary The auth filter has the deactivated/banned user check commented out. Details CodeIgniter Shield's loggedIn re-checks the status field catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user active=0 after they have already...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/04 8:50 p.m.4 views

GHSA-5HFV-C864-QCQ9 CI4MS has a Deactivated User Session Bypass (active=0)

Summary The auth filter has the deactivated/banned user check commented out. Details CodeIgniter Shield's loggedIn re-checks the status field catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user active=0 after they have already...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/04 2:35 p.m.125 views

Exploit for Missing Authentication for Critical Function in Cpanel

cPanel-WHM-CVE-2026-41940-AuthBypass CVE-2026-41940: cPanel...

9.8CVSS6.1AI score0.981EPSS
Exploits64
OSV
OSV
added 2026/04/09 2:37 p.m.8 views

BIT-PARSE-2026-39381 Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields`

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0 and 8.6.75, the GET /sessions/me endpoint returns Session fields that the server operator explicitly configured as protected via the protectedFields server option. Any...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/01 12:3 a.m.4 views

EUVD-2026-17502

Parse Server has a session field immutability bypass via falsy-value guard...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/31 8:45 p.m.29 views

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS0.00201EPSS
Exploits1References1
CVE
CVE
added 2026/03/31 8:45 p.m.34 views

CVE-2026-34613

The CVE affects WWBN AVideo (versions 26.0 and earlier). The endpoint objects/pluginSwitch.json.php lets an admin enable/disable plugins without validating a CSRF token, and the plugin list is exempt from ORM-level Referer/Origin checks via ignoreTableSecurityCheck(), bypassing domain validation ...

6.5CVSS5.9AI score0.00201EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.8 views

SUSE CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default 1 year. A...

5.4CVSS5.8AI score0.00302EPSS
Exploits1References3
Rows per page
Query Builder