563549 matches found

CVE
added 5 days ago | 628 views

CVE-2026-50751

CVE-2026-50751 is a logic-flow weakness in certificate validation during the deprecated IKEv1 key exchange used by Check Point Remote Access VPN, Mobile Access, and Spark Firewall. The flaw allows an unauthenticated attacker to bypass user authentication and establish a VPN session without a vali...

9.3 CVSS | 5.9 AI score | 0.11841 EPSS
In wild | Exploits 4 | References 3 | Affected Software 1
Cvelist
added 5 days ago | 68 views

CVE-2026-50751 User Authentication Bypass in VPN Remote Access and Mobile Access

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

0.11841 EPSS
Exploits 4 | References 1
EUVD
added 5 days ago | 7 views

EUVD-2026-35047

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3 CVSS | 5.9 AI score | 0.11841 EPSS
Exploits 4 | References 1
ATTACKERKB
added 5 days ago | 5 views

CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

5.9 AI score | 0.11841 EPSS
Exploits 4 | References 2
SUSE Linux
added 5 days ago | 6 views

Security update for tomcat

This update for tomcat fixes the following issues. Update to Tomcat 9.0.118:
- CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162.
- CVE-2026-41293: HTTP/2 request headers not validated bsc1265163.
- CVE-2026-42498: WebSocket authentication header exposure bsc1265165...

8.7 CVSS | 5.7 AI score | 0.00139 EPSS
Exploits 1 | References 28
OSV
added 5 days ago | 4 views

SUSE-SU-2026:2299-1 Security update for tomcat

This update for tomcat fixes the following issues. Update to Tomcat 9.0.118:
- CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162.
- CVE-2026-41293: HTTP/2 request headers not validated bsc1265163.
- CVE-2026-42498: WebSocket authentication header exposure bsc1265165.
- ...

9.8 CVSS | 5.7 AI score | 0.00139 EPSS
Exploits 1 | References 15
Cvelist
added 5 days ago | 33 views

CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4 CVSS | 0.00029 EPSS
Exploits 0 | References 2
GithubExploit
added 5 days ago | 44 views

OWASP_Top10_Web_Pentest

🔓 Week 04 — Web Application Penetration Testing OWASP Top 10...

5.8 AI score
Exploits 0
GithubExploit
added 5 days ago | 59 views

Exploit for CVE-2026-1555

9.8 CVSS | 6.1 AI score | 0.00063 EPSS
Exploits 3
GithubExploit
added 5 days ago | 99 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

FreePBX CVE-2025-57819 — Unauthenticated SQLi to Root RCE...

10 CVSS | 6.5 AI score | 0.76726 EPSS
Exploits 14
Vulnrichment
added 5 days ago | 4 views

CVE-2026-9506 Path Traversal Vulnerability in Bagisto

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7 CVSS | 5.7 AI score | 0.00114 EPSS
Exploits 0 | References 1
Cvelist
added 5 days ago | 34 views

CVE-2026-9506 Path Traversal Vulnerability in Bagisto

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7 CVSS | 0.00114 EPSS
Exploits 0 | References 1
ATTACKERKB
added 5 days ago | 3 views

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7 CVSS | 5.7 AI score | 0.00114 EPSS
Exploits 0 | References 2 | Affected Software 1
EUVD
added 5 days ago | 10 views

EUVD-2026-35036

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7 CVSS | 5.7 AI score | 0.00114 EPSS
Exploits 0 | References 1
RedhatCVE
added 5 days ago | 7 views

CVE-2026-11459

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been...

4.8 CVSS | 4.8 AI score | 0.00011 EPSS
Exploits 1 | References 1
GithubExploit
added 5 days ago | 34 views

Smart_Contract_Researcher_POC

Smart Contract Security Research Portfolio hailthelord...

5.6 AI score
Exploits 0
Vulnrichment
added 5 days ago | 5 views

CVE-2026-3238 Samba: denial of service against ad dc wins server

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5 CVSS | 5.4 AI score | 0.00075 EPSS
Exploits 0 | References 3
CVE
added 5 days ago | 20 views

CVE-2026-3238

CVE-2026-3238 affects Samba’s WINS server in AD DCs, where unauthenticated UDP packets can trigger a NULL pointer dereference and crash the WINS service. Public details confirm the issue is a denial of service vector; no exploit details are provided in the documents. Remediation publicly document...

7.5 CVSS | 5.4 AI score | 0.00075 EPSS
Exploits 0 | References 3
Cvelist
added 5 days ago | 40 views

CVE-2026-3238 Samba: denial of service against ad dc wins server

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5 CVSS | 0.00075 EPSS
Exploits 0 | References 3
EUVD
added 5 days ago | 7 views

EUVD-2026-35033

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5 CVSS | 5.4 AI score | 0.00075 EPSS
Exploits 0 | References 3