
19 matches found

RedhatCVE
added 2026/06/05 7:17 p.m. · 9 views

CVE-2026-6270

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

CVSS 9.1 · AI score 5.4 · EPSS 0.00498
Exploits 1 · References 1
CVE
added 2026/06/04 12:17 a.m. · 19 views

CVE-2026-7764

The CVE-2026-7764 entry documents an out-of-bounds read in Morse Micro HaLowLink 2 software (versions prior to 2.11.12) affecting the morse.ko HaLow Wi‑Fi kernel driver. An unauthenticated attacker within radio range can trigger a heap out-of-bounds read (up to 9 bytes) or a Denial of Service by ...

CVSS 6.8 · AI score 5.7 · EPSS 0.0013
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2026/05/27 12:0 a.m. · 9 views

MB Connect Line mbCONNECT24 and MB Connect Line mymbCONNECT24 SQL injection vulnerability

MB Connect Line mbCONNECT24 and MB Connect Line mymbCONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an...

CVSS 7.1 · AI score 5.9 · EPSS 0.00324
Exploits 0 · References 1
CVE
added 2026/05/21 9:1 p.m. · 20 views

CVE-2026-8237

CVE-2026-8237 affects Concrete CMS 9.5.0 and earlier. The vulnerability is an IDOR in the /ccm/frontend/conversations/message_detail endpoint, which can expose full content of conversation messages, including those from restricted pages, member-only areas, and the moderation queue, as well as fil...

CVSS 6.3 · AI score 5.8 · EPSS 0.00201
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2026/05/08 11:2 p.m. · 11 views

free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers

Summary: free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and the requests reach the SMF business handlers. In the running Docker lab...

CVSS 10 · AI score 5.8 · EPSS 0.00331
Exploits 1 · References 6 · Affected Software 1
CVE
added 2026/05/08 3:14 p.m. · 21 views

CVE-2026-41070

OpenVPN OAuth2 plugin flaw exists in the experimental plugin mode: from v1.26.3 to before v1.27.3, clients that do not support WebAuth/SSO (e.g., Linux openvpn CLI) could be admitted even when authentication logic denied access. Root cause: in handleAuthUserPassVerify, ClientAuthDeny wrote "0" to...

CVSS 10 · AI score 5.8 · EPSS 0.00438
Exploits 0 · References 2
Positive Technologies
added 2026/05/08 12:0 a.m. · 15 views

PT-2026-39246

Name of the Vulnerable Software and Affected Versions: free5GC versions 4.1.0 through 4.2.1 Description: A nil-pointer dereference occurs in the PCF HandleCreateSmPolicyRequest function when a downstream OpenAPI consumer call to the UDR lookup returns a 404 Not Found error. The handler logs the err...

CVSS 7.5 · AI score 5.9 · EPSS 0.00404
Exploits 1 · References 9
OSV
added 2026/05/06 11:49 p.m. · 7 views

GHSA-QXRW-F6FH-34R7 Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users

Summary: The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...

CVSS 6.9 · AI score 5.8
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2017-1644

Malware in sbrugna...

CVSS 6.5 · AI score 6.5 · EPSS 0.0133
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2017-1962

Malware in sbrugna...

CVSS 6.1 · AI score 6.7 · EPSS 0.01032
Exploits 0 · References 3
Positive Technologies
added 2025/09/29 12:0 a.m. · 8 views

PT-2025-39884

Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049; Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786 Description: The Vasion Print Virtual Appliance Host and Application expose interna...

CVSS 10 · AI score 6.9 · EPSS 0.00936
Exploits 1 · References 8
CVE
added 2025/08/23 6:43 a.m. · 25 views

CVE-2025-5060

CVE-2025-5060 refers to the Bravis User plugin for WordPress (versions up to 1.0.0) with an authentication bypass. The issue arises from improper handling of login data verified via the facebook_ajax_login_callback(), enabling unauthenticated attackers to log in as administrator users if they hav...

CVSS 8.1 · AI score 5.9 · EPSS 0.00376
Exploits 0 · References 2
Tenable Nessus
added 2025/08/22 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-0173

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windo...

CVSS 6.5 · AI score 6.3 · EPSS 0.00515
Exploits 0 · References 2
CVE
added 2025/08/20 4:14 p.m. · 35 views

CVE-2025-8415

CVE-2025-8415 affects Cryostat: the Cryostat HTTP API binds to all network interfaces, which can expose the API port externally if Network Policies are disabled. The vulnerability enables an unauthenticated attacker to jeopardize the environment, with CVSS 3.1 base metrics indicating network acce...

CVSS 5.9 · AI score 6.5 · EPSS 0.00296
Exploits 0 · References 5
Positive Technologies
added 2025/05/12 12:0 a.m. · 5 views

PT-2025-20684 · Netvision · Isoinsight

Name of the Vulnerable Software and Affected Versions: ISOinsight from Netvision affected versions not specified Description: The issue allows unauthenticated remote attackers to access certain system functions, including viewing the administrator list, viewing and editing IP settings, and...

CVSS 6.9 · AI score 6.4 · EPSS 0.00309
Exploits 0 · References 7
NCSC
added 2022/07/20 12:0 a.m. · 9 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in several MySQL products: Enterprise Manager Base Platform, Oracle Application Testing Suite, Enterprise Manager Ops Center, Enterprise Manager for MySQL Database. A malicious party can exploit the vulnerabilities to cause the following categories of damage: The...

CVSS 10 · AI score 6.5 · EPSS 0.85315
Exploits 26
OSV
added 2017/04/24 7:59 p.m. · 3 views

CVE-2017-3614

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

CVSS 7 · AI score 5.8 · EPSS 0.00419
Exploits 0 · References 2
Tenable Nessus
added 2001/01/08 12:0 a.m. · 27 views

Informix webdriver CGI Unauthenticated Database Access

The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...

AI score 5.6
Exploits 0 · References 2
Microsoft Security Update
added 1970/01/01 12:0 a.m. · 17 views

Security Update for Windows 7 for x64-based Systems (KB2506212)

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...

AI score 2.7
Exploits 0