Lucene search
K

66 matches found

NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54139

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Web Authentication Passkeys & Security Keys allows an attacker in a privileged network position to leak cross-origin data through the use of a...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
CVE
CVE
added 2026/06/25 9:15 p.m.38 views

CVE-2026-11703

The CVE-2026-11703 entry describes a vulnerability in stateful (session-ID) TLS resumption where missing SNI/ALPN binding allowed a cached session to be resumed under a different SNI/ALPN than originally negotiated. The root cause is the absence of binding checks for stateful resumption paths, wh...

7.5CVSS5.9AI score0.0021EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/04 5:49 p.m.17 views

epa4all-client: Unauthenticated REST API for Patient Record Writes

Impact Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g., following the production Docker example in the README, this is exploitable from the local network without...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.10 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:31 p.m.8 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

5.8AI score0.00252EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/08 1:31 p.m.21 views

CVE-2026-43334

CVE-2026-43334 concerns the Linux kernel Bluetooth SMP pairing flow. The issue arises in smp_cmd_pairing_req() where the pairing response is built from the initiator auth_req before enforcing the local BT_SECURITY_HIGH, allowing the response to omit SMP_AUTH_MITM if the initiator did. Consequentl...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/04/15 5:17 p.m.5 views

CVE-2026-20152

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

5.3CVSS0.00299EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 4:3 p.m.72 views

CVE-2026-20152

Cisco Secure Web Appliance (AsyncOS) authentication service is affected by CVE-2026-20152. The issue stems from improper validation of user-supplied authentication input in HTTP requests, allowing an unauthenticated, remote attacker to bypass authentication policy requirements. According to the p...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 4:3 p.m.4 views

CVE-2026-20152

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2026/04/03 10:59 a.m.24 views

curl: ignoring 'options' when doing connection reuse

libcurl contains a significant logic flaw in its connection pool matching mechanism. When a transfer specifies a required authentication policy—such as a specific SASL mechanism e.g., ;AUTH=GSSAPI or a restricted set of SSH authentication types CURLOPTSSHAUTHTYPES—libcurl fails to verify these...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/04/01 10:9 p.m.5 views

EUVD-2026-18089

CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...

8.8CVSS5.8AI score0.00502EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 9:30 p.m.3 views

CVE-2026-34570

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...

10CVSS5.8AI score0.00502EPSS
Exploits1References3Affected Software1
Huntr
Huntr
added 2025/12/26 3:34 p.m.6 views

Airflow externalLogUrl Permission Bypass

1. Summary The externalLogUrl endpoint in Airflow’s FastAPI enforces only the weaker Task Instance access permission TASKINSTANCE instead of the intended Task Logs permission TASKLOGS. As a result, low-privileged users who are not authorized to view task logs can still obtain external log access...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.5 views

trustee 安全漏洞

trustee is an open source component of Confidential Containers. A security vulnerability exists in trustee versions prior to 0.15.0, which stems from an attestation-policy endpoint that does not validate the identity of a kbs-client, which could result in an arbitrary kbs-client modifying the...

8.7CVSS6.8AI score0.00328EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-20444

Malware in sbrugna...

7.8CVSS7.4AI score0.01061EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-28658

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00571EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.18 views

PT-2025-30439

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.4.4 authentik versions 2025.6.0-rc1 through 2025.6.3 Description Deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML providers can retain partial access to the system...

9.8CVSS5.8AI score0.02095EPSS
Exploits8References50
Fedora
Fedora
added 2025/07/10 4:30 p.m.8 views

[SECURITY] Fedora 41 Update: pam-1.6.1-8.fc41

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

7.8CVSS9.9AI score0.00399EPSS
Exploits0
Fedora
Fedora
added 2025/06/21 1:28 a.m.10 views

[SECURITY] Fedora 42 Update: pam-1.7.0-6.fc42

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

7.8CVSS7.5AI score0.00399EPSS
Exploits0
Rows per page
Query Builder