Lucene search
K

31 matches found

NVD
NVD
added yesterday7 views

CVE-2026-40139

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.2CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-40139

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.2CVSS6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.6 views

SUSE CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS5.9AI score0.00269EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/19 5:43 p.m.9 views

EUVD-2026-12823

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets...

6.6CVSS5.8AI score0.00269EPSS
Exploits1References3
OSV
OSV
added 2026/03/18 2:16 p.m.6 views

CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2026/03/18 12:55 p.m.26 views

CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS0.00269EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/18 12:55 p.m.2 views

CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS5.8AI score0.00269EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/17 5:13 p.m.26 views

CVE-2025-36425 IBM Db2 Information Disclosure

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration...

5.3CVSS0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.6 views

Genivia gSOAP 安全漏洞

Genivia gSOAP is a C/C++ software development kit with automatic coding from Genivia, Inc. A security vulnerability exists in Genivia gSOAP, which originates from a denial of service due to a high CPU load caused by an unauthenticated, remote attacker forcing the parsing of XML with duplicate ID...

7.5CVSS7.3AI score0.00693EPSS
Exploits0References2
NVD
NVD
added 2024/09/18 8:15 a.m.13 views

CVE-2024-46755

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiexgetprivbyid mwifiexgetprivbyid returns the priv pointer corresponding to the bssnum and bsstype, but without checking if the priv is actually currently in use. Unused priv pointe...

5.5CVSS0.00272EPSS
Exploits0References10
OSV
OSV
added 2024/05/08 5:50 p.m.15 views

GHSA-F3H7-GPJJ-WCVH Spin applications with specific configuration vulnerable to potential network sandbox escape

Impact Some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header. If an application's manifest contains a component with configuration such as toml allowedoutboundhosts =...

9.1CVSS9.3AI score0.00485EPSS
Exploits0References4
Kitploit
Kitploit
added 2024/02/01 11:30 a.m.25 views

Sncscan - Tool For Analyzing SAP Secure Network Communications (SNC)

Tool for analyzing SAP Secure Network Communications SNC. How to use? In its current state, sncscan can be used to read the SNC configurations for SAP Router and DIAG SAP GUI connections. The implementation for the SAP RFC protocol is currently in development. SAP Router SAP Routers can either...

7.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/09 12:0 a.m.24 views

Fedora 37 : xorg-x11-server (2023-f111d2f306)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f111d2f306 advisory. Security fix for CVE-2023-5367, CVE-2023-5380 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

7.8CVSS6.5AI score0.00715EPSS
Exploits0References3
Prion
Prion
added 2023/10/25 8:15 p.m.17 views

Double free

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration a multi-screen setup with multiple protocol screens, also known as Zaphod mode. If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be...

3.5CVSS6.8AI score0.00536EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.4 views

PT-2023-25882 · Ping Identity · Pingfederate Identifier First Adapter

Name of the Vulnerable Software and Affected Versions: PingFederate Identifier First Adapter affected versions not specified Description: The issue allows for authentication bypass under a very specific and highly unrecommended configuration in the PingFederate Identifier First Adapter...

9.8CVSS9.5AI score0.00748EPSS
Exploits0References7
Veeam
Veeam
added 2023/06/07 12:0 a.m.18 views

The Console Does Not Appear After Being Launched

Challenge After launching the Veeam Backup & Replication Console, the splash screen appears, and the application is shown in the taskbar, but the Console does not appear, and the mouseover preview is blank. Cause The Console's window position is off the edge of the screen. When the Veeam Backup &...

6.7AI score
Exploits0Affected Software1
OSV
OSV
added 2022/10/21 6:15 p.m.3 views

CVE-2022-26870

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit...

9.8CVSS5.8AI score0.00623EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.5 views

Siemens Mendix Applications using Mendix 9 注入漏洞

Mendix is a high-productivity application platform that enables the building and continuous improvement of mobile and web applications at scale.Siemens Mendix is vulnerable to an expression injection vulnerability that could be exploited by an attacker to compromise sensitive information in a...

6.5CVSS5.6AI score0.00602EPSS
Exploits0References4
OSV
OSV
added 2021/01/05 3:15 p.m.4 views

CVE-2020-35488

The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service daemon crash via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslo...

7.5CVSS7.2AI score0.07599EPSS
Exploits3References2
Rows per page
Query Builder