Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6464 matches found

CVE
CVEadded 2026/03/27 2:13 p.m.8 views

CVE-2026-4984

CVE-2026-4984 affects Botpress’s Twilio integration webhook handler. The vulnerability arises because the webhook accepts POST requests without validating Twilio’s X-Twilio-Signature, and when processing media messages it fetches user-controlled URLs (MediaUrlN) via HTTP requests that include the...

8.2CVSS5.9AI score0.00008EPSS
Exploits0References1
OSV
OSVadded 2026/03/27 11:47 a.m.1 views

BIT-NATS-2026-27889 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS6AI score0.00094EPSS
Exploits0References3
SUSE Linux
SUSE Linuxadded 2026/03/27 10:4 a.m.3 views

Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...

8.7CVSS6.4AI score0.00076EPSS
Exploits0References28
EUVD
EUVDadded 2026/03/27 9:31 a.m.3 views

EUVD-2026-16563

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00042EPSS
Exploits1References2
EUVD
EUVDadded 2026/03/27 9:31 a.m.4 views

EUVD-2026-16561

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

7.7CVSS5.9AI score0.00034EPSS
Exploits0References2
OSV
OSVadded 2026/03/27 9:16 a.m.3 views

ALPINE-CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

8.2CVSS5.9AI score0.00034EPSS
Exploits0References1
OSV
OSVadded 2026/03/27 9:16 a.m.5 views

ALPINE-CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

5.9CVSS5.9AI score0.00042EPSS
Exploits1References1
NVD
NVDadded 2026/03/27 9:16 a.m.1 views

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

8.2CVSS0.00034EPSS
Exploits0References1
OSV
OSVadded 2026/03/27 9:16 a.m.5 views

ALPINE-CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

7.5CVSS5.9AI score0.0009EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/27 8:10 a.m.22 views

CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

3.7CVSS0.00039EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/27 8:10 a.m.6 views

CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

3.7CVSS6AI score0.00039EPSS
Exploits1References2
CVE
CVEadded 2026/03/27 8:10 a.m.6 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to a replay attack under specific conditions: if auth cache is enabled and the username is altered in passdb, OTP credentials can be cached so that the same OTP response remains valid. An attacker who observes an OTP exchange can log in as the targeted use...

6.8CVSS5.9AI score0.00042EPSS
Exploits1References1Affected Software2
AlpineLinux
AlpineLinuxadded 2026/03/27 8:10 a.m.3 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00042EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/27 8:10 a.m.6 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00042EPSS
Exploits1References2
AlpineLinux
AlpineLinuxadded 2026/03/27 8:10 a.m.0 views

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

8.2CVSS5.9AI score0.00034EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/27 8:10 a.m.24 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS0.00042EPSS
Exploits1References1
CVE
CVEadded 2026/03/27 8:10 a.m.8 views

CVE-2025-59028

CVE-2025-59028 affects Dovecot’s authentication path where invalid base64 SASL data can disconnect from the auth server, causing DoS of concurrent logins. Public advisories (openSUSE/SUSE openSUSE:20554-1, SLES16 SUSE-SU-2026:21208-1, Ubuntu USN-8136-1) indicate the issue in the dovecot24 package...

7.5CVSS5.9AI score0.0009EPSS
Exploits0References1Affected Software2
OSV
OSVadded 2026/03/27 7:14 a.m.3 views

BIT-PARSE-2026-33409 Parse Server: Auth provider validation bypass on login via partial authData

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the...

9.1CVSS5.8AI score0.00028EPSS
Exploits0References6
OSV
OSVadded 2026/03/27 7:10 a.m.3 views

BIT-NGINX-GATEWAY-2026-27651 NGINX ngx_mail_auth_http_module vulnerability

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.9AI score0.00064EPSS
Exploits0References2
OSV
OSVadded 2026/03/27 7:10 a.m.2 views

BIT-NGINX-2026-27651 NGINX ngx_mail_auth_http_module vulnerability

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.9AI score0.00064EPSS
Exploits0References2
Rows per page
Query Builder