8 matches found

Cvelist
added 2025/10/09 8:20 p.m., 3 views

CVE-2025-35054 Newforma Info Exchange (NIX) insufficiently protected credentials

Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...

CVSS: 5.3, EPSS: 0.00013
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2011-2008

Malware in sbrugna...

CVSS: 9, AI score: 6.1, EPSS: 0.09508
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-16274

Malware in sbrugna...

CVSS: 9.4, AI score: 9.4, EPSS: 0.02957
Exploits: 2, References: 5

Positive Technologies
added 2025/05/13 12:0 a.m., 4 views

PT-2025-20940 · Microsoft · Defender For Identity

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Identity (affected versions not specified)
Description: The issue is related to improper authentication in Microsoft Defender for Identity, allowing an unauthorized attacker to perform spoofing over an adjacent network...

CVSS: 6.5, AI score: 9.4, EPSS: 0.01691
Exploits: 0, References: 27

Veracode
added 2025/01/29 7:32 a.m., 5 views

Authentication Bypass

Keycloak is vulnerable to Authentication Bypass. The vulnerability is due to the system updating passwords without performing an LDAP bind to validate the new credentials against Active Directory, allowing users with expired or disabled AD accounts to regain access and bypass AD restrictions...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00046
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2025/01/22 2:34 p.m., 300 views

CVE-2025-0604

CVE-2025-0604 is a Keycloak authentication bypass vulnerability where, after an AD password reset, Keycloak updates credentials without performing an LDAP bind to validate them against AD. This can allow access for accounts that are expired or disabled, bypassing AD restrictions. Public details i...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00046
Exploits: 0, References: 4

Cvelist
added 2025/01/22 2:34 p.m., 18 views

CVE-2025-0604 Keycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak

A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD...

CVSS: 5.4, EPSS: 0.00046
Exploits: 0, References: 4

Tenable Nessus
added 2017/08/23 12:0 a.m., 28 views

Juniper Junos SRX Integrated User Firewall Hardcoded Credentials (JSA10791)

According to its self-reported version and configuration, the remote Juniper Junos device has hardcoded credentials for the Integrated User Firewall UserFW services authentication API. An unauthenticated, remote attacker can exploit this to gain administrative access to the device. TRUSTED...

CVSS: 10, AI score: 8.4, EPSS: 0.03095
Exploits: 0, References: 2