19 matches found
CVE-2026-6270
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...
CVE-2026-7764
The CVE-2026-7764 entry documents an out-of-bounds read in Morse Micro HaLowLink 2 software (versions prior to 2.11.12) affecting the morse.ko HaLow Wi‑Fi kernel driver. An unauthenticated attacker within radio range can trigger a heap out-of-bounds read (up to 9 bytes) or a Denial of Service by ...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...
CVE-2026-8237
CVE-2026-8237 affects Concrete CMS 9.5.0 and earlier. The vulnerability is an IDOR in the /ccm/frontend/conversations/message_detail endpoint, which can expose full content of conversation messages, including those from restricted pages, member-only areas, and the moderation queue, as well as fil...
free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers
Summary free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and the requests reach the SMF business handlers. In the running Docker lab...
CVE-2026-41070
OpenVPN OAuth2 plugin flaw exists in the experimental plugin mode: from v1.26.3 to before v1.27.3, clients that do not support WebAuth/SSO (e.g., Linux openvpn CLI) could be admitted even when authentication logic denied access. Root cause: in handleAuthUserPassVerify, ClientAuthDeny wrote "0" to...
PT-2026-39246
Name of the Vulnerable Software and Affected Versions free5GC versions 4.1.0 through 4.2.1 Description A nil-pointer dereference occurs in the PCF HandleCreateSmPolicyRequest function when a downstream OpenAPI consumer call to the UDR lookup returns a 404 Not Found error. The handler logs the err...
GHSA-QXRW-F6FH-34R7 Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Summary The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...
EUVD-2017-1644
Malware in sbrugna...
EUVD-2017-1962
Malware in sbrugna...
PT-2025-39884
Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.1049 Vasion Print formerly PrinterLogic Application versions prior to 20.0.2786 Description The Vasion Print Virtual Appliance Host and Application expose interna...
CVE-2025-5060
CVE-2025-5060 refers to the Bravis User plugin for WordPress (versions up to 1.0.0) with an authentication bypass. The issue arises from improper handling of login data verified via the facebook_ajax_login_callback(), enabling unauthenticated attackers to log in as administrator users if they hav...
Linux Distros Unpatched Vulnerability : CVE-2021-0173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Validation of Consistency within input in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windo...
CVE-2025-8415
CVE-2025-8415 affects Cryostat: the Cryostat HTTP API binds to all network interfaces, which can expose the API port externally if Network Policies are disabled. The vulnerability enables an unauthenticated attacker to jeopardize the environment, with CVSS 3.1 base metrics indicating network acce...
PT-2025-20684 · Netvision · Isoinsight
Name of the Vulnerable Software and Affected Versions: ISOinsight from Netvision affected versions not specified Description: The issue allows unauthenticated remote attackers to access certain system functions, including viewing the administrator list, viewing and editing IP settings, and...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several MySQL products: Enterprise Manager Base Platform Oracle Application Testing Suite Enterprise Manager Ops Center Enterprise Manager for MySQL Database A malicious party can exploit the vulnerabilities to cause the following categories of damage: The...
CVE-2017-3614
Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...
Informix webdriver CGI Unauthenticated Database Access
The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...
Security Update for Windows 7 for x64-based Systems (KB2506212)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...