2123 matches found

Source: Positive Technologies, added 2026/04/07 12:00 a.m.

PT-2026-30942

ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting (XSS) vulnerability exists in ChurchCRM within the Person Property Management subsystem. This issue persists in versions patched for CVE-2023-38766 and allows an authenticated user to inject arbitrar...

CVSS 8.7, AI score 6, EPSS 0.00261
Exploits 0, References 3

Source: CVE, added 2026/04/02 3:06 p.m.

CVE-2026-33746

Convoy (KVM server management panel) is vulnerable in versions 3.9.0-beta through

CVSS 9.8, AI score 5.9, EPSS 0.003
Exploits 0, References 2, Affected Software 1

Source: Cvelist, added 2026/04/02 2:46 p.m.

CVE-2026-34821 Endian Firewall /manage/vpnauthentication/user/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4, EPSS 0.00157
Exploits 0, References 2

Source: SUSE CVE, added 2026/03/28 12:26 a.m.

SUSE CVE-2026-33063

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

CVSS 8.7, AI score 6, EPSS 0.00652
Exploits 0, References 3

Source: CVE, added 2026/03/27 3:31 p.m.

CVE-2026-4959

OpenBMB XAgent 1.0.0 contains a vulnerability in the ShareServer WebSocket Endpoint (XAgentServer/application/websockets/share.py, function check_user). Manipulating the argument interaction_id results in missing authentication, enabling remote exploitation. The exploit has been publicized, and t...

CVSS 7.5, AI score 6.6, EPSS 0.0043
Exploits 1, References 4, Affected Software 1

Source: ATTACKERKB, added 2026/03/23 8:31 p.m.

CVE-2026-23484

Blinko is an AI-powered card note-taking project. In versions 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure (normal user), not superAdminAuthMiddleware. At time o...

CVSS 5.3, AI score 5.8, EPSS 0.00336
Exploits 0, References 2, Affected Software 1

Source: Positive Technologies, added 2026/03/20 12:00 a.m.

PT-2026-26753

Name of the Vulnerable Software and Affected Versions: Vikunja (affected versions not specified). Description: A flaw in the password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password rese...

CVSS 8.1, AI score 5.9, EPSS 0.00363
Exploits 1, References 7

Source: Packet Storm News, added 2026/03/09 12:00 a.m.

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

AI score 6
Exploits 0

Source: RedhatCVE, added 2026/03/07 1:43 a.m.

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

CVSS 6.5, AI score 5.8, EPSS 0.00224
Exploits 0, References 1

Source: ATTACKERKB, added 2026/03/05 8:40 p.m.

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

CVSS 6.5, AI score 5.9, EPSS 0.00224
Exploits 0, References 2, Affected Software 1

Source: Positive Technologies, added 2026/03/05 12:00 a.m.

PT-2026-23215

Name of the Vulnerable Software and Affected Versions: ESC/POS (affected versions not specified). Description: ESC/POS, a printer control language developed by Seiko Epson Corporation, does not include user authentication or command authorization features. It also lacks controls to limit network...

CVSS 9.8, AI score 5.8, EPSS 0.00447
Exploits 0, References 10

Source: Snyk, added 2026/02/26 10:45 p.m.

Improper Authentication

Overview: @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Improper Authentication in the Chat Trigger node when configured with n8n User Auth authentication. An attacker can gain unauthorized access by circumventing the authentication check. Note: This is only...

CVSS 6.3, AI score 5.9
Exploits 0, References 2

Source: Github Security Blog, added 2026/02/26 10:45 p.m.

n8n has an Authentication Bypass in its Chat Trigger Node

Impact: When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented. This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default). Patches: The issue has been fixed in n8n versions 2.10.1,...

AI score 5.3
Exploits 0, References 5, Affected Software 1

Source: OSV, added 2026/02/26 10:45 p.m.

GHSA-JH8H-6C9Q-7GMW n8n has an Authentication Bypass in its Chat Trigger Node

Impact: When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented. This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default). Patches: The issue has been fixed in n8n versions 2.10.1,...

CVSS 6.3, AI score 5.4
Exploits 0, References 5

Source: EUVD, added 2026/02/06 8:47 p.m.

EUVD-2026-5580

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, AI score 5.5, EPSS 0.00269
Exploits 0, References 3

Source: OSV, added 2026/02/06 8:47 p.m.

CVE-2026-25597 PrestaShop has a time based enumeration in FO login form

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, AI score 5.5, EPSS 0.00269
Exploits 0, References 5

Source: CVE, added 2026/01/27 9:57 p.m.

CVE-2026-24778

Ghost is vulnerable to an XSS issue via malicious Portal preview links. Affected: Ghost CMS versions 5.43.0–5.12.04 and 6.0.0–6.14.0, plus Portal components 2.29.1–2.51.4 and 2.52.0–2.57.0. Concordant advisories describe that an authenticated staff member or member clicking a crafted link could e...

CVSS 8.8, AI score 5.9, EPSS 0.00255
Exploits 0, References 2, Affected Software 2

Source: RedhatCVE, added 2026/01/09 11:48 a.m.

CVE-2009-4517

Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content...

CVSS 6.8, AI score 7.6, EPSS 0.00604
Exploits 0, References 1

Source: RedhatCVE, added 2026/01/09 10:54 a.m.

CVE-2022-23722

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

CVSS 6.5, AI score 7.1, EPSS 0.00571
Exploits 0, References 1

Source: RedhatCVE, added 2026/01/09 10:19 a.m.

CVE-2019-18187

Trend Micro OfficeScan versions 11.0 and XG 12.0 could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process...

CVSS 8.8, AI score 7.7, EPSS 0.25125
Exploits 0, References 1