Lucene search
K

2769 matches found

Nuclei
Nuclei
added yesterday18 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS5.9AI score0.02663EPSS
Exploits3References1
NVD
NVD
added 2 days ago5 views

CVE-2026-53729

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS0.00391EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-55435

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret...

5.4CVSS0.0032EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-8925

A flaw was found in curl. The logic handling SASL Simple Authentication and Security Layer authentication could lead to a double-free vulnerability. This occurs because the GSASL context may be deallocated twice without clearing the pointer, potentially leading to memory corruption. An attacker...

9.8CVSS6AI score0.00783EPSS
Exploits1References6
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-55727

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS0.00291EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-55727

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS5.9AI score0.00291EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-58455

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit after an authentication redirect in loader.php combined with unsanitized input passed to shellexec in...

9.8CVSS0.0119EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 9:18 a.m.6 views

WordPress Sendcloud Shipping plugin <= 1.0.31 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Sendcloud Shipping versions = 1.0.31...

5.3CVSS5.9AI score0.00184EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2026/06/30 5:4 a.m.13 views

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 CVSS score: 9.8, refers to an improper privilege management and authentication flaw in Oracle Payments that could be...

9.8CVSS6AI score0.00677EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Apache Tomcat 10.1.0.M1 < 10.1.56 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.56. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.56security-10 advisory. - Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the...

9.1CVSS6AI score0.00423EPSS
Exploits1References14
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 11:29 p.m.16 views

CVE-2026-9222

The CVE-2026-9222 entry concerns the Setracker2 Android Companion App (package com.tgelec.setracker) version 3.1.5 and earlier. The underlying issue is authentication that accepts a password hash in lieu of a password when contacting backend services, enabling an attacker who knows the hash to au...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 11:53 a.m.11 views

CVE-2026-56237

CVE-2026-56237 — Capgo : Capgo prior to 12.128.2 has a broken authentication vulnerability in its API key generation. API keys are exposed in frontend requests, and the backend does not validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the ...

9.3CVSS6AI score0.00293EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS0.0015EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/21 3:15 a.m.7 views

CVE-2026-12773 BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/20 12:14 a.m.9 views

EUVD-2026-38098

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 10:16 p.m.24 views

CVE-2026-56081

Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account, the attacker gains control over the account...

9.3CVSS0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51039

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication logic flaw allows an attacker to register and control an account linked to a victim's email address before the email is verified. By enabling two-factor authentication on this...

9.3CVSS5.9AI score0.00351EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:39 p.m.7 views

CVE-2026-32174

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...

7.7CVSS5.3AI score0.00411EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37623

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References2
Rows per page
Query Builder