249 matches found
CVE-2026-56968
CVE-2026-56968 affects GNU SASL versions prior to 2.2.4. The NTLM client’s short challenge in the function _gsasl_ntlm_client_step has inadequate sanitization, which can lead to memory disclosure when interacting with a crafted server. Public sources (SUSE, Debian OSV, Ubuntu/Ubuntu-related advis...
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT default 10 hours and decrypt or forge any subsequent WS‑SecureConversation traffic that uses...
GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...
EUVD-2026-36725
Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...
PT-2026-49575
Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.14.1 Description The launch-editor NPM package allows the access of arbitrary paths, including Windows UNC Universal Naming Convention paths. On Windows systems, accessing a UNC path triggers an automatic NTLM...
CVE-2026-50508
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-50508 Windows NTLM Spoofing Vulnerability
...
CVE-2026-50508
CVE-2026-50508 describes an exposure of sensitive information in Windows NTLM that enables an unauthenticated network-based spoofing capability. The vulnerability affects the Windows NTLM authentication path and is documented with a network attack vector and a high confidentiality impact. Public ...
CVE-2026-50508 Windows NTLM Spoofing Vulnerability
...
Windows NTLM Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...
PT-2026-48124
Name of the Vulnerable Software and Affected Versions Windows NTLM affected versions not specified Description Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an attacker to perform spoofing over a network, which can affect the system. Recommendations At the...
CVE-2026-8993
D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...
CVE-2026-32631
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
Seagull BarTender 代码问题漏洞
Seagull BarTender is an enterprise-level labeling, barcode, and RFID design and printing software developed by Seagull Corporation in the United States. Versions of Seagull BarTender 2010, 2016, and 2019 contained code vulnerabilities. These vulnerabilities stemmed from unvalidated and improperly...
Astra Linux – Vulnerability in exim4
Exim NTLM Challenge Out-of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected Exim installations. Authentication is not required to exploit this vulnerability. The specific flaw lies in the handling of NTLM...
PT-2026-34821
Name of the Vulnerable Software and Affected Versions go-ntlmssp versions prior to 0.1.1 Description A malicious NTLM challenge message can cause a slice out of bounds panic, leading to a crash of any Go process utilizing ntlmssp.Negotiator as an HTTP transport. Recommendations Update to version...
CVE-2026-40107 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...
CVE-2026-40107
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...
EUVD-2026-18039
AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows...
CVE-2026-25171
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...