Lucene search
K

1858 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.9 views

CVE-2026-39455 BIG-IP Configuration utility vulnerability

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.8AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 4:46 p.m.48 views

CVE-2026-45005 OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...

6CVSS0.00288EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/10 1:0 a.m.5 views

CVE-2026-8216

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendo...

7.5CVSS5.6AI score0.00391EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/09 7:38 p.m.22 views

EUVD-2026-28925

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00299EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.10 views

RockyLinux 8 : dovecot (RLSA-2026:13830)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13830 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

7.5CVSS5.8AI score0.0079EPSS
Exploits2References7
EUVD
EUVD
added 2026/05/05 8:49 p.m.25 views

EUVD-2026-27133

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback...

6.5CVSS5.8AI score0.00299EPSS
Exploits1References3
OSV
OSV
added 2026/05/04 1:12 p.m.6 views

JLSEC-2026-431 When doing SSH-based transfers using either SCP or SFTP, and asked to do public key...

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS6.4AI score0.00413EPSS
Exploits1References6
CVE
CVE
added 2026/04/30 6:22 p.m.10 views

CVE-2026-40600

Chartbrew prior to 5.0.0 allowed cross-project modification of SharePolicy because policy_id was not verified against the target project. Authenticated users with access to one project could update/delete sharing rules (visibility, password requirements, allowed parameters, expiration). Patch rel...

8.1CVSS5.3AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 11:36 p.m.6 views

BIT-AUTHENTIK-2025-64521 authentik deactivated service accounts can authenticate to OAuth

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

4.8CVSS7.2AI score0.00197EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/16 9:5 a.m.9 views

WordPress Barcode Scanner (+Mobile App) plugin <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication vulnerability

Unauthenticated Privilege Escalation via Insecure Token Authentication vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions = 1.11.0...

9.8CVSS5.8AI score0.00503EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32932

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References5
OSV
OSV
added 2026/04/13 10:20 a.m.5 views

BIT-TOMCAT-2026-34500 Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to version...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/12 9:30 p.m.11 views

EUVD-2026-21744

A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The...

7.5CVSS5.5AI score0.00391EPSS
Exploits0References6
OSV
OSV
added 2026/04/09 8:16 p.m.1 views

DEBIAN-CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.3AI score0.00469EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 8:16 p.m.5 views

UBUNTU-CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 7:26 p.m.12 views

CVE-2026-35476

Summary : InvenTree (Open Source Inventory Management System) contains a privilege escalation flaw present before versions 1.2.7 and 1.3.0. A non-staff authenticated user can raise their account to staff level by sending a POST request to their user account endpoint because the API endpoint’s wri...

7.2CVSS6AI score0.00145EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/08 8:11 a.m.6 views

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.8CVSS6.2AI score0.21621EPSS
Exploits0References5
OSV
OSV
added 2026/04/07 6:31 p.m.5 views

GHSA-QFFM-GF3J-6MVG Apache Cassandra has an authenticated DoS over CQL

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

2.3CVSS5.8AI score0.00533EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 4:16 p.m.12 views

PYSEC-2026-28

changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @loginoptionallyrequired decorator is placed before outer to @blueprint.route instead of after it. In Flask, @route must be the outermost decorator because it registers the function it receives. When the...

9.8CVSS5.8AI score0.00536EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.7 views

RHEL 10 : nginx (RHSA-2026:6906)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6906 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

8.8CVSS6.3AI score0.21621EPSS
Exploits0References10
Rows per page
Query Builder