Lucene search
+L

515 matches found

CVE
CVE
added 2026/03/12 7:43 p.m.21 views

CVE-2026-32269

Parse Server vulnerability CVE-2026-32269 affects deployments using the OAuth2 adapter with both appidField and appIds configured. The issue stems from incorrect validation of app IDs where a malformed value is sent to the token introspection endpoint instead of the user’s actual access token, po...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2025-208587

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

5.9AI score0.00889EPSS
Exploits1References4
NVD
NVD
added 2026/03/11 5:16 p.m.8 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

9.8CVSS0.00889EPSS
Exploits1References2
OSV
OSV
added 2026/03/11 12:13 a.m.20 views

GHSA-VGH8-C6FP-7GCG Sylius has a XSS vulnerability in checkout login form

Impact A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is rendered into the DOM using innerHTML, allowing any...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/11 12:13 a.m.7 views

Sylius has a XSS vulnerability in checkout login form

Impact A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is rendered into the DOM using innerHTML, allowing any...

6.1CVSS5.9AI score0.00179EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 12:0 a.m.5 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

5.9AI score0.00889EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/11 12:0 a.m.2 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

5.9AI score0.00889EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 12:0 a.m.133 views

CVE-2025-67038

Summary: CVE-2025-67038 affects Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module concatenates the username into a shell command used for logging on authentication failures, allowing injection of arbitrary OS commands with root privileges. Multiple sources (NVD, Red Hat, CISA KEV, CNNVD) describe ...

9.8CVSS5.9AI score0.00889EPSS
In wildExploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 9:27 p.m.3 views

CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

5.3CVSS5.7AI score0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 9:27 p.m.39 views

CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

5.3CVSS0.00179EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 9:59 p.m.5 views

EUVD-2026-9930

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/04 12:0 a.m.6 views

CVE-2025-69969

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy BLE communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...

6.2AI score0.00461EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/02 9:49 p.m.9 views

OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/02 9:49 p.m.9 views

GHSA-VPJ2-69HF-RPPW OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...

7.5CVSS5.9AI score0.0011EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.13 views

PT-2026-26422

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.1 Description OpenClaw does not correctly manage authentication bootstrap errors during startup, which can allow browser-control routes to remain accessible without authentication. Local processes or...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.7 views

CVE-2026-27767

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS6AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 4:27 p.m.6 views

GO-2026-4539 Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2

Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2...

9.3CVSS5.4AI score0.00267EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/26 7:57 a.m.25 views

CVE-2026-1695 XSS vulnerability upon unsuccessful authentication

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user...

5.3CVSS0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.10 views

PT-2026-20352

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the process image data ajax callback function which handles the kadence import process image data AJAX...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.10 views

PT-2026-8328

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.1.x through 11.1.2 Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.2.x through 11.2.1 Mattermost Plugin Zoom versions through 1.11.0 Description The Mattermost application and its Zoom plugin do not...

9.9CVSS5.2AI score0.34346EPSS
Exploits45References117
Rows per page
Query Builder