Lucene search
K

3063 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.11 views

RockyLinux 9 : dovecot (RLSA-2026:19364)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19364 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

7.5CVSS5.8AI score0.0079EPSS
Exploits2References7
OSV
OSV
added 2026/05/29 4:36 p.m.5 views

OPENSUSE-SU-2026:20847-1 Security update for postgresql-jdbc

This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication bsc1264174...

7.5CVSS7.1AI score0.0077EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 10:17 p.m.16 views

CVE-2026-45364

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

7.3CVSS0.00295EPSS
Exploits0References5
NVD
NVD
added 2026/05/28 10:16 p.m.17 views

CVE-2026-44883

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS0.00316EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 8:59 p.m.13 views

EUVD-2026-33059

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.23 views

PT-2026-44172

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $ SERVER'PHP SELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$ SERVER'PHP SELF' in the login...

7.2CVSS6AI score0.00346EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.12 views

Debian dla-4605 : python-flask-httpauth-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4605 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4605-1 [email protected] https://www.debian.org/lts/security/...

8.2CVSS5.8AI score0.00324EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:2 p.m.9 views

CVE-2026-44720

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/27 5:34 p.m.12 views

Open Redirect

Overview org.jenkins-ci.plugins:bitbucket-oauth is a Jenkins Plugin that supports authentication via Bitbucket OAuth. Affected versions of this package are vulnerable to Open Redirect via the redirect URL parameter after authentication. An attacker can redirect users to malicious sites by craftin...

5.1CVSS5.8AI score0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.9 views

CVE-2018-25379 Collectric CMU 1.0 SQL Injection via lang Parameter

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3
NVD
NVD
added 2026/05/22 9:16 p.m.29 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.8CVSS0.00398EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/22 8:48 p.m.20 views

CVE-2026-3294 Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7CVSS0.00398EPSS
Exploits0References11
CVE
CVE
added 2026/05/22 8:48 p.m.61 views

CVE-2026-3294

CVE-2026-3294 concerns an authentication logic vulnerability in multiple TP-Link range extenders. The issue allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation, enabling full administrative c...

8.8CVSS5.8AI score0.00398EPSS
Exploits0References11Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 8:48 p.m.8 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7CVSS5.8AI score0.00398EPSS
Exploits0References12
OSV
OSV
added 2026/05/22 1:22 p.m.8 views

OESA-2026-2444 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

7.5CVSS7AI score0.0077EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from an oversight in the handling of OAuth 2.0 authorization codes, which bypasses account status checks. This could...

6.4CVSS5.8AI score0.00172EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 8:12 p.m.13 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS7.2AI score0.96267EPSS
Exploits257References5
Cvelist
Cvelist
added 2026/05/19 9:27 a.m.44 views

CVE-2026-31387 Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation

Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00515EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Sparx Systems Sparx Pro Cloud Server 安全漏洞

Sparx Pro Cloud Server is a modeling and service platform developed by Sparx Systems in Australia. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server 6.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed fro...

9.3CVSS5.9AI score0.00941EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.8 views

RHEL 8 : dovecot (RHSA-2026:18053)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18053 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References8
Rows per page
Query Builder