Lucene search
K

748 matches found

Cvelist
Cvelist
added 2026/03/20 4:21 p.m.27 views

CVE-2025-62844 QuRouter

A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

7CVSS0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.6 views

QNAP Systems QHora 安全漏洞

QNAP Systems QHora is a router product of QNAP Systems, a company based in Taiwan, China. QNAP Systems QHora has a security vulnerability that stems from weak authentication procedures. This vulnerability could allow attackers with access to the local network to obtain sensitive information...

7CVSS7AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.7 views

PT-2026-26634

Name of the Vulnerable Software and Affected Versions QHora versions prior to 2.6.2.007 Description A weak authentication issue exists in QHora. An attacker with local network access can exploit this to obtain sensitive information. Recommendations Update to version 2.6.2.007 or later...

7CVSS7AI score0.00197EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/17 7:50 p.m.3 views

Weak Authentication

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Weak Authentication in the user sign up. An attacker can create authenticated sessions without providing valid credentials b...

6.9CVSS5.8AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.12 views

PT-2026-25951

CVE-2026-1267 IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of pro… https://t.co/BQ9nfoG4xS...

6.5CVSS5.8AI score0.0033EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

Socomec socomec DIRIS A-40 访问控制错误漏洞

Socomec DIRIS A-40 is an electrical device designed by the French company Socomec for power metering and monitoring. The Socomec DIRIS A-40 has a vulnerability related to access control, which stems from insufficient authentication in the Web API implementation. This vulnerability could allow...

6.3CVSS6.6AI score0.00388EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.5 views

CVE-2026-30969

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

9.1CVSS0.00381EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:27 p.m.4 views

CVE-2026-30969

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

7.6CVSS5.8AI score0.00381EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/10 7:44 a.m.7 views

CVE-2026-30926

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...

7.1CVSS0.00311EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

coral-server 安全漏洞

Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of forced strong authentication during active sessions, allowing attacker...

9.1CVSS5.8AI score0.00381EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24340

Name of the Vulnerable Software and Affected Versions Coral Server versions prior to 1.1.0 Description Coral Server, an open collaboration infrastructure for The Internet of Agents, did not enforce strong authentication between agents and the server during active sessions. This could allow an...

9.1CVSS5.7AI score0.00381EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

RustDesk 安全漏洞

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.7.5 and earlier, as well as 1.1.15 and earlier, have security vulnerabilities. These...

9.8CVSS5.8AI score0.00225EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 8:43 a.m.5 views

CVE-2026-1627

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...

6.5CVSS5.8AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2026/02/27 8:43 a.m.17 views

CVE-2026-1627

The CVE-2026-1627 entry relates to the use of outdated and weak MAC algorithms in the SSH service of SICK LMS1000 and SICK MRS1000 devices. The underlying issue is weak cryptographic configurations in SSH that may allow an attacker with network access to observe or manipulate SSH communications, ...

8.1CVSS5.8AI score0.002EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 4:13 p.m.3 views

CVE-2026-20126 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...

8.8CVSS5.6AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an integrated network protection solution for businesses and enterprises developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management e.g., vulnerability assessment, URL filtering, patch management,...

10CVSS7.3AI score0.00618EPSS
Exploits0References1
NVD
NVD
added 2026/02/13 7:17 p.m.9 views

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS0.27661EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/13 6:44 p.m.5 views

CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS5.7AI score0.27661EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/13 6:44 p.m.85 views

CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS0.27661EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.5 views

CVE-2025-57713

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

7.5CVSS5.5AI score0.00512EPSS
Exploits0References1
Rows per page
Query Builder