Lucene search
+L

515 matches found

cnnvd
cnnvd
added 2026/02/11 12:0 a.m.6 views

ZLAN5143D 访问控制错误漏洞

ZLAN5143D is a serial port server from the Chinese company ZLAN. ZLAN5143D has an access control vulnerability, which stems from an inability to enforce authentication properly. This vulnerability allows attackers to directly access internal URLs...

9.8CVSS7.5AI score0.00732EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/02/09 7:23 p.m.7 views

CVE-2026-2165

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/addseller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be...

9.8CVSS5.2AI score0.0057EPSS
Exploits1References1
nvd
nvd
added 2026/02/05 5:16 p.m.20 views

CVE-2020-37143

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successfu...

7.5CVSS0.00337EPSS
Exploits0References3
cnvd
cnvd
added 2026/02/05 12:0 a.m.4 views

Unspecified Vulnerability in Delta Electronics DIAView

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...

9.8CVSS5.8AI score0.00485EPSS
Exploits0
redhatcve
redhatcve
added 2026/01/29 3:26 a.m.48 views

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

8.2CVSS5.9AI score0.00134EPSS
Exploits2References1
redhatcve
redhatcve
added 2026/01/26 3:10 p.m.12 views

CVE-2026-24127

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting XSS exists in the login error view template login.twig of versions 2.19.1 and below. The username value can be echoed back without proper contextual encoding when...

6.1CVSS5.9AI score0.00254EPSS
Exploits1References1
cve
cve
added 2026/01/23 11:1 p.m.16 views

CVE-2026-24127

CVE-2026-24127 pertains to Typemill, a flat-file CMS. A reflected XSS vulnerability exists in the login error view template login.twig affecting versions 2.19.1 and earlier, where the username value is echoed back without proper contextual encoding during failed authentication. This could allow a...

6.1CVSS5.5AI score0.00254EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/01/23 11:1 p.m.5 views

CVE-2026-24127 Typemill has Reflected XSS via login error view template

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting XSS exists in the login error view template login.twig of versions 2.19.1 and below. The username value can be echoed back without proper contextual encoding when...

5.4CVSS5.5AI score0.00254EPSS
Exploits1References5
cve
cve
added 2026/01/22 10:37 p.m.14 views

CVE-2025-53968

CVE-2025-53968 involves unlimited authentication attempts allowing DoS and brute-force access. Connected sources describe an unauthenticated WebSocket endpoint and potential multiple concurrent connections using the same charging station ID, enabling DoS or data/session inconsistencies. Remediati...

7.5CVSS5.6AI score0.00376EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/01/16 12:0 a.m.19 views

Delta Electronics DIAView 安全漏洞

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References1
cve
cve
added 2026/01/14 11:53 a.m.33 views

CVE-2025-66005

InputPlumber’s InputManager D‑Bus interface lacks authorization in versions before v0.63.0, allowing local impact in the active user session: Denial‑of‑Service, information disclosure, or privilege escalation. Affected component: InputPlumber (InputManager D‑Bus). Root cause: missing authorizatio...

8.5CVSS6.3AI score0.002EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 12:21 p.m.8 views

CVE-2018-14705

In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these...

10CVSS6.7AI score0.01853EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 11:29 a.m.11 views

CVE-2021-27569

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic...

5.3CVSS7AI score0.00637EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 11:27 a.m.6 views

CVE-2021-33658

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration...

7.8CVSS7.2AI score0.00154EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:58 a.m.12 views

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References1
snyk
snyk
added 2026/01/07 11:57 p.m.4 views

Missing Authentication for Critical Function

Overview wolfssl is a Python module that encapsulates wolfSSL's C SSL/TLS library. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper enforcement of client certificate requirements in the CERTREQUIRED process. An attacker can gain...

9.3CVSS6.8AI score0.00272EPSS
Exploits0References2
github
github
added 2026/01/01 6:30 a.m.8 views

Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References6Affected Software1
alpinelinux
alpinelinux
added 2026/01/01 4:39 a.m.4 views

CVE-2025-69413

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/01/01 12:0 a.m.4 views

PT-2026-1000

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.2 Description Gitea versions before 1.25.2 are affected by an issue where the /api/v1/user endpoint provides differing responses for authentication failures based on the existence of a username. Specifically, the...

5.3CVSS6.7AI score0.00356EPSS
Exploits0References9
cnnvd
cnnvd
added 2025/12/24 12:0 a.m.5 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 11.1.0 and prior to 11.1.x, 11.0.5 and prior to 11.0.x, 10.12.3 and prior to 10.12.x, and 10.11.7 and prior to 10.11.x, which stems from a failure...

4.3CVSS6.2AI score0.00165EPSS
Exploits0References2
Rows per page
Query Builder