Lucene search
+L

12052 matches found

snyk
snyk
added 2026/07/02 1:46 p.m.6 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score0.00516EPSS
Exploits1References2
github
github
added 2026/07/02 1:46 p.m.9 views

GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Summary The default Authorizer function in GoFiber's BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords the primary use case, the timing difference between a valid and invalid username is approximately...

8.3CVSS7.2AI score0.00696EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2026/07/02 4:17 a.m.7 views

CVE-2026-57275

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.00286EPSS
Exploits0References2
nvd
nvd
added 2026/07/02 4:17 a.m.9 views

CVE-2026-57273

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.00286EPSS
Exploits0References2
euvd
euvd
added 2026/07/02 2:24 a.m.9 views

EUVD-2026-41237

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/02 2:24 a.m.7 views

CVE-2026-57275

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/07/02 2:24 a.m.17 views

CVE-2026-57275

Geovision GeoWebPlayer Websocket Server connectInfo handler is vulnerable to stack-based buffer overflows in multiple fields when handling JSON input (username, password, username_enc, password_enc, key, ip). Affected product: GeoWebPlayer (GeoVision software family), with version context cited b...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
euvd
euvd
added 2026/07/02 2:23 a.m.8 views

EUVD-2026-41235

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/02 2:23 a.m.10 views

CVE-2026-57273

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.14 views

PT-2026-55274

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Description The default Authorizer function in the BasicAuth middleware, located in middleware/basicauth/config.go, uses short-circuit evaluation when validating credentials. If a username does not exist, the syst...

5.3CVSS6AI score0.00516EPSS
Exploits1References11
osv
osv
added 2026/07/01 5:40 p.m.3 views

CVE-2026-46680 containerd user ID handling bypass allows runAsNonRoot evasion

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.3CVSS5.9AI score0.00221EPSS
Exploits1References3
cve
cve
added 2026/07/01 11:59 a.m.23 views

CVE-2026-53908

CVE-2026-53908 affects MCO. The vulnerability enables user enumeration via authentication-related functions: username reminder and password reset responses differ for valid vs invalid users, allowing an attacker to discover valid usernames and email addresses. Vulnerable context: confirmed in ver...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.10 views

PT-2026-54834

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The application is susceptible to user enumeration via authentication-related features. During password reset and username reminder operations, the system provides different responses depending on whether the...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References7
talos
talos
added 2026/07/01 12:0 a.m.8 views

GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerabilities

Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the Websocket Server connectInfo handler functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to...

8.3CVSS6.4AI score0.00286EPSS
Exploits0
thn
thn
added 2026/06/29 4:9 p.m.27 views

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to...

5.8AI score
Exploits0
cvelist
cvelist
added 2026/06/29 3:30 p.m.38 views

CVE-2026-13582 Edimax EW-7478APC POST Request formUSBAccount buffer overflow

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely...

9CVSS0.00455EPSS
Exploits0References5
redhat
redhat
added 2026/06/29 3:13 p.m.12 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References5
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-302 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

Summary A command injection vulnerability is present in the function tool runsshcommandwithcredentials available to AI agents. Details This is the source code of the function tool runsshcommandwithcredentials code: python @functiontool def runsshcommandwithcredentials host: str, username: str,...

9.6CVSS6AI score0.01831EPSS
Exploits1References7
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-300 Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL

Summary During a manual source code review, ARIMLABS.AI researchers identified that the browseruse module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can...

9.3CVSS5.8AI score0.00445EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/29 11:30 a.m.7 views

CVE-2026-13563

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...

9CVSS7.8AI score0.00445EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder