50 matches found

Tenable Nessus
added 2026/06/18 12:0 a.m., 4 views

Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)

The version of Devolutions Server installed on the remote host is prior or equal to 2026.1.21 or 2026.2.0 prior or equal to 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...

CVSS 6.5, AI score 5.9, EPSS 0.00201
Exploits 0, References 4

EUVD
added 2026/06/16 9:32 p.m., 10 views

EUVD-2026-37200

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

AI score 5.2, EPSS 0.00162
Exploits 0, References 2

NVD
added 2026/06/16 8:16 p.m., 7 views

CVE-2026-11890

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

CVSS 4.3, EPSS 0.00162
Exploits 0, References 1

CVE
added 2026/06/16 6:24 p.m., 12 views

CVE-2026-11890

The CVE-2026-11890 entry concerns Devolutions Server versions 2026.1.21 and 2026.2.5, where improper access control in PAM account discovery allows an authenticated user to retrieve account discovery scan results. The connected documents confirm affected software and the root cause (in PAM accoun...

CVSS 4.3, AI score 5.3, EPSS 0.00162
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/06/16 6:24 p.m., 20 views

CVE-2026-11890

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

EPSS 0.00162
Exploits 0, References 1

RedhatCVE
added 2026/06/05 7:47 p.m., 8 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

CVSS 5.4, AI score 5.5, EPSS 0.00138
Exploits 0, References 1

ATTACKERKB
added 2026/06/02 2:8 p.m., 7 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

CVSS 5.4, AI score 5.8, EPSS 0.00138
Exploits 0, References 2

Vulnrichment
added 2026/06/02 2:8 p.m., 10 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

AI score 5.8, EPSS 0.00138
Exploits 0, References 1

Cvelist
added 2026/06/02 2:8 p.m., 38 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

EPSS 0.00138
Exploits 0, References 1

EUVD
added 2026/06/02 2:8 p.m., 10 views

EUVD-2026-33937

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

CVSS 5.4, AI score 5.8, EPSS 0.00138
Exploits 0, References 1

NVD
added 2026/05/23 7:16 p.m., 17 views

CVE-2018-25350

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing...

CVSS 9.8, EPSS 0.00433
Exploits 0, References 2

Cvelist
added 2026/05/11 8:45 a.m., 40 views

CVE-2024-0391 Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery

The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage...

CVSS 5.3, EPSS 0.00184
Exploits 0, References 1

Vulnrichment
added 2026/05/11 8:45 a.m., 9 views

CVE-2024-0391 Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery

The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage...

CVSS 5.3, AI score 5.8, EPSS 0.00184
Exploits 0, References 1

OSV
added 2026/05/06 11:49 p.m., 6 views

GHSA-QXRW-F6FH-34R7 Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users

Summary The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...

CVSS 6.9, AI score 5.8
Exploits 0, References 3

Github Security Blog
added 2026/05/06 11:49 p.m., 11 views

Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users

Summary The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...

AI score 5.8
Exploits 0, References 3, Affected Software 1

CNNVD
added 2025/12/04 12:0 a.m., 4 views

Medtronic CareLink Network Security Vulnerability

Medtronic CareLink Network is an open source platform for remote monitoring of cardiac patients by Medtronic in the United States. A security vulnerability exists in versions of Medtronic CareLink Network prior to December 4, 2025, which originates from an unauthenticated, remote attacker who can...

CVSS 5.3, AI score 6.5, EPSS 0.00251
Exploits 0, References 1

Malwarebytes
added 2025/11/25 11:30 a.m., 7 views

WhatsApp closes loophole that let researchers collect data on 3.5B accounts

Messaging giant WhatsApp has around three billion users in more than 180 countries. Researchers say they were able to identify around 3.5 billion registered WhatsApp accounts thanks to a flaw in the software. That higher number is possible because WhatsApp’s API returns all accounts registered to...

AI score 6.7
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2020-7330

Malware in sbrugna...

CVSS 5.3, AI score 5.6, EPSS 0.00952
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-46681

Malicious code in bioql PyPI...

CVSS 4.3, AI score 5.1, EPSS 0.00462
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2021-3010

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.5, EPSS 0.00657
Exploits 0, References 1