Lucene search
K

48589 matches found

EUVD
EUVD
added 2026/06/12 3:42 p.m.10 views

EUVD-2026-36496

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 3:42 p.m.17 views

CVE-2026-53981

Cap-go prior to 12.128.2 contains an account-takeover vulnerability in its email-change mechanism. An attacker with a temporary authenticated session can change the registered email address without re-authentication (no password or MFA verification), redirect verification to an attacker-controlle...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2626 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.3AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2625 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.1CVSS5.3AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2624 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.3AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2623 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 11:16 a.m.15 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS0.0007EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 10:0 a.m.31 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS0.0007EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 12:31 a.m.7 views

EUVD-2026-36365

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...

9.3CVSS5.8AI score0.00544EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 12:31 a.m.7 views

EUVD-2026-36363

Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote...

8.4CVSS5.8AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 12:31 a.m.8 views

EUVD-2026-36364

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS5.9AI score0.0055EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49030

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.26 Description An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related...

4.3CVSS5.2AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-49024

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An exec denylist bypass exists in the bundle MCP loopback session-spawn path. This allows authenticated callers to bypass intended command restrictions and start sessions with broader command...

6.9CVSS5.2AI score0.00094EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.15 and earlier SimpleHelp 6.0 pre-release versions Description An authentication bypass exists in the OpenID Connect OIDC authentication flow. When OIDC is configured, the software accepts identity tokens during login...

10CVSS6.2AI score0.0116EPSS
Exploits0References93
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

EulerOS Virtualization 2.13.0 : nghttp2 (EulerOS-SA-2026-2409)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 10:16 p.m.12 views

CVE-2026-45173

Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote...

8.4CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 10:16 p.m.10 views

CVE-2026-45172

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.8CVSS0.0055EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 9:55 p.m.9 views

CVE-2026-45171 Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...

8.7CVSS5.7AI score0.00544EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 9:55 p.m.18 views

CVE-2026-45171

Idira Privileged Session Manager (PSM) affected by CVE-2026-45171 due to incomplete input validation and misconfigured folder permissions. Versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 are at risk. An authenticated, low-privileged user could potentially execute arbitrary code. The issue is...

8.8CVSS5.8AI score0.00544EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/11 9:41 p.m.29 views

CVE-2026-45172

The CVE describes an input validation flaw in Idira Privileged Session Manager for SSH (PSMP). A authenticated, low-privilege user could potentially execute arbitrary commands on the PSMP host due to incomplete input validation in PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6. Affecte...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder