Lucene search
K

2540 matches found

CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.11 contained a security vulnerability. This vulnerability stemmed from...

8.2CVSS5.8AI score0.00326EPSS
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/01 12:0 a.m.13 views

[20260512] - Core - MFA Authentication Bypass

Incorrectly resetted session states to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/31 4:59 a.m.4 views

CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery CSRF vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

8.8CVSS5.9AI score0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 3:32 p.m.3 views

EUVD-2026-17106

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery CSRF vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

5.9AI score0.00202EPSS
Exploits0References5
NVD
NVD
added 2026/03/30 3:16 p.m.6 views

CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery CSRF vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

8.8CVSS0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/30 9:18 a.m.15 views

CVE-2026-5128

...

0.00144EPSS
Exploits0
CVE
CVE
added 2026/03/30 9:18 a.m.17 views

CVE-2026-5128

CVE-2026-5128 affects ArthurFiorette steam-trader 2.1.1 and exposes sensitive Steam account data via the /users API endpoint without authentication, enabling retrieval of usernames, passwords, identity secrets, and shared secrets. Application logs may also disclose authentication artifacts (acces...

5.9AI score0.00144EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.3 views

CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery CSRF vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

5.9AI score0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.21 views

CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery CSRF vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

0.00202EPSS
Exploits0References4
CVE
CVE
added 2026/03/30 12:0 a.m.17 views

CVE-2026-33373

CVE-2026-33373 affects Zimbra Collaboration (ZCS) 10.0 and 10.1. The vulnerability is a Cross-Site Request Forgery (CSRF) in the Zimbra Web Client where authentication tokens issued during certain account state transitions (e.g., enabling 2FA or changing a password) may lack CSRF protection, allo...

8.8CVSS5.9AI score0.00202EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29034

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery CSRF vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

5.9AI score0.00202EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.2 views

CVE-2026-33882

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.3 views

SUSE CVE-2026-32879

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS5.9AI score0.00289EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.2 views

SUSE CVE-2026-33315

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav endpoint allows login using Basic Authentication, which in turn allows users to bypass the TOTP on 2FA-enabled accounts. The user can then access standard project information that would normally be...

6.9CVSS5.8AI score0.00302EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.2 views

SUSE CVE-2026-33473

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS5.9AI score0.00258EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:36 p.m.2 views

CVE-2026-33882

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/27 8:36 p.m.4 views

CVE-2026-33882 Statamic's Markdown preview endpoint exposes sensitive user data

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
CVE
CVE
added 2026/03/27 8:36 p.m.5 views

CVE-2026-33882

Statamic CMS vulnerability CVE-2026-33882 affects Statamic versions prior to 5.73.16 and 6.7.2. The issue lies in the markdown preview endpoint, which could be manipulated to return augmented data from arbitrary fieldtypes. In particular, the users fieldtype could be leveraged by an authenticated...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/27 12:15 p.m.4 views

BIT-GITLAB-2026-2745 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

8.1CVSS5.9AI score0.00276EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 7:3 p.m.4 views

GHSA-CVH3-23VQ-W7H4 Statamic's Markdown preview endpoint exposes sensitive user data

Impact The markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retrieve sensitive user data including email addresses, encrypted passkey data, and encrypted two-factor...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References3
Rows per page
Query Builder