Lucene search
K

510 matches found

redhatcve
redhatcve
added 2026/03/26 3:19 p.m.5 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

9.8CVSS6AI score0.00889EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/03/26 3:18 p.m.7 views

CVE-2026-30653

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...

7.5CVSS5.7AI score0.00392EPSS
Exploits1References1
snyk
snyk
added 2026/03/24 4:35 p.m.1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the HandleAuthenticationFailure function of the AMF component. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Details Denial of Service DoS describes a...

8.7CVSS5.8AI score0.00392EPSS
Exploits1References2
euvd
euvd
added 2026/03/24 3:30 p.m.5 views

EUVD-2026-14889

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...

7.5CVSS5.7AI score0.00392EPSS
Exploits1References2
nvd
nvd
added 2026/03/24 3:16 p.m.3 views

CVE-2026-30653

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...

7.5CVSS0.00392EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/03/24 12:0 a.m.10 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.0 contain security vulnerabilities, which stem from issues with the HandleAuthenticationFailure function in the AMF component. These vulnerabilities may lead to denial-of-service...

7.5CVSS5.8AI score0.00392EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.6 views

PT-2026-27438

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...

5.7AI score0.00392EPSS
Exploits1References2
cvelist
cvelist
added 2026/03/24 12:0 a.m.20 views

CVE-2026-30653

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...

0.00392EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/03/24 12:0 a.m.8 views

CVE-2026-30653

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...

7.5CVSS5.7AI score0.00392EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/03/24 12:0 a.m.1 views

CVE-2026-30653

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...

5.7AI score0.00392EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/03/23 12:0 a.m.8 views

PT-2026-31699

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 9.0.83 through 9.0.115 Apache Tomcat versions 10.1.0-M7 through 10.1.52 Apache Tomcat versions 11.0.0-M1 through 11.0.18 Apache Tomcat Native versions 1.1.23 through 1.1.34 Apache Tomcat Native versions 1.2.0 through...

9.8CVSS5.8AI score0.21691EPSS
Exploits8References136
cve
cve
added 2026/03/18 5:18 a.m.30 views

CVE-2026-32596

CVE-2026-32596 describes an information-disclosure in Glances prior to 4.5.2, where starting the web server with the default command (glances -w) runs without authentication and exposes a REST API over the network. This allows remote attackers to access sensitive system information, including ful...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/03/17 12:16 p.m.6 views

UBUNTU-CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/17 8:34 a.m.6 views

CVE-2026-4208

The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider...

7.7CVSS5.8AI score0.00256EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/03/16 2:17 p.m.5 views

CVE-2025-52638

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configuratio...

7.2CVSS0.00127EPSS
Exploits0References1
cve
cve
added 2026/03/12 7:43 p.m.18 views

CVE-2026-32269

Parse Server vulnerability CVE-2026-32269 affects deployments using the OAuth2 adapter with both appidField and appIds configured. The issue stems from incorrect validation of app IDs where a malformed value is sent to the token introspection endpoint instead of the user’s actual access token, po...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/03/11 6:30 p.m.4 views

EUVD-2025-208587

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

5.9AI score0.00889EPSS
Exploits1References4
nvd
nvd
added 2026/03/11 5:16 p.m.6 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

9.8CVSS0.00889EPSS
Exploits1References2
github
github
added 2026/03/11 12:13 a.m.6 views

Sylius has a XSS vulnerability in checkout login form

Impact A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is rendered into the DOM using innerHTML, allowing any...

6.1CVSS5.9AI score0.00179EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/03/11 12:13 a.m.17 views

GHSA-VGH8-C6FP-7GCG Sylius has a XSS vulnerability in checkout login form

Impact A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is rendered into the DOM using innerHTML, allowing any...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Rows per page
Query Builder