Lucene search
+L

811 matches found

Nuclei
Nuclei
added yesterday45 views

AVTECH DVR - Login Verification Code Bypass

AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...

9.8CVSS8.4AI score0.13117EPSS
Exploits6References1
NVD
NVD
added 2 days ago6 views

CVE-2026-15925

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this b...

9.2CVSS0.00177EPSS
Exploits0References2
NVD
NVD
added 3 days ago8 views

CVE-2026-33684

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-33684 AVideo's Privilege AVideo: Escalation via Unguarded Permission Parameters in signUp API Allows Self-Granting Upload/Stream/Meet Permissions

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS0.00329EPSS
Exploits0References1
CVE
CVE
added 3 days ago14 views

CVE-2026-33684

Summary: CVE-2026-33684 affects WWBN AVideo prior to 29.0. The set_api_signUp API path accepts and applies user-supplied emailVerified, canUpload, canStream, and canCreateMeet values to new accounts without confirming a valid APISecret, enabling CAPTCHA-solved (anonymous) or APISecret-authenticat...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-48815

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications...

7.5CVSS0.0019EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-48815

A flaw was found in sigstore. The certificateOIDs option, intended to restrict which certificates can sign artifacts, is accepted by the public application programming interface API but is not used during the verification process. This allows unauthorized certificates to be accepted, bypassing...

7.5CVSS6AI score0.0019EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-60109

Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References6
CVE
CVE
added 2026/07/10 4:6 p.m.13 views

CVE-2026-54919

cpp-httplib on Mbed TLS and wolfSSL backends was vulnerable to a TLS certificate chain verification bypass for IP-literal hosts (affecting v0.31.0–0.46.1) when server verification was enabled; SSLClient/Client could skip chain validation and Mbed TLS WebSocketClient could skip verification. The i...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/10 4:6 p.m.31 views

CVE-2026-54919 cpp-httplib: TLS certificate chain verification bypassed for IP-literal hosts on Mbed TLS and wolfSSL backends

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...

7.4CVSS0.00264EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 12:5 p.m.5 views

RLSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.10 views

Coder 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 AI Bridge Proxy TLS Verification Bypass

The version of Coder installed on the remote host is 2.30.x prior to 2.32.7, 2.33.x prior to 2.33.8, or 2.34.x prior to 2.34.2. It is, therefore, affected by a vulnerability. The AI Bridge Proxy skips TLS certificate verification in the default configuration. The proxy created a goproxy server...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 11:20 p.m.1 views

GHSA-9VCR-P3RJ-Q5Q6 sigstore-go has a multi-log threshold bypass via single compromised log

Impact What kind of vulnerability is it? Who is impacted? A verifier configured with WithTransparencyLogN1 or WithSignedCertificateTimestampsN1 expected defense-in-depth against the compromise of a single log instance. However, threshold counting counted verified witnesses per-entry or...

5.9CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 7:55 a.m.35 views

CVE-2026-14245 miniOrange OTP Login, Verification and SMS Notifications <= 5.5.1 - Authentication Bypass to Administrator Account Takeover via 'username_b' Parameter

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS0.00586EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.4 views

PT-2026-56552

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.6.0 Description An issue exists where the server fails to verify if the email address provided in the body of the 'POST /auth-requests/admin-request' endpoint belongs to the authenticated user. This allo...

9.3CVSS6.1AI score0.00186EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/07 8:33 p.m.34 views

CVE-2026-57172 DataEase: Hardcoded JWT Signing Secret in ShareLink

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS0.00289EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:33 p.m.6 views

CVE-2026-57172

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/07 3:26 p.m.7 views

GO-2026-5907 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder

Coder's OIDC emailverified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.5 views

PT-2026-56299

Name of the Vulnerable Software and Affected Versions Better Auth versions prior to 1.6.11 Better Auth versions 1.6.14 and later Description An issue exists in the organization plugin where the acceptInvitation, rejectInvitation, getInvitation, and listUserInvitations endpoints do not sufficientl...

7.7CVSS6.1AI score0.00202EPSS
Exploits0References7
Rows per page
Query Builder