Lucene search

403 matches found

EUVD
added 1 hour ago, 3 views

EUVD-2026-40885

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run, the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(savedpassword, 64,...

9.1 CVSS, 5.8 AI score
Exploits: 0, References: 3
Cvelist
added 6 days ago, 19 views

CVE-2025-71336 Flowise - Unsandboxed Remote Code Execution via Custom MCP

Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...

9.8 CVSS, 0.00727 EPSS
Exploits: 0, References: 2
Debian
added last week, 4 views

[SECURITY] [DLA 4646-1] postgresql-13 security update

Debian LTS Advisory DLA-4646-1 (debian-lts-announce@lists.debian.org), https://www.debian.org/lts/security/, Emmanuel Arias, June 24, 2026, https://wiki.debian.org/LTS. Package: postgresql-13. Version: 13.23-0+deb11u4. CVE ID: CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6477 CVE-2026-6478 CVE-2026-6479...

8.8 CVSS, 6.6 AI score, 0.00668 EPSS
Exploits: 0
EUVD
added 2026/06/22 12:50 p.m., 6 views

EUVD-2026-38237

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9 CVSS, 5.8 AI score, 0.00357 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/06/22 12:00 a.m., 6 views

PT-2026-51334

Name of the Vulnerable Software and Affected Versions: qSnapper versions prior to 1.3.3. Description: Lack of authentication when using the snapshot diff functions allows a local attacker to access information that is otherwise read-protected. Recommendations: Update to version 1.3.3 or later...

6.9 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2026/06/10 1:39 p.m., 10 views

Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery

Vulnerability: CWE-798 (Hardcoded JWT Secret + Broken Mitigation). Affected Component: github.com/dhax/go-base, a Go REST API boilerplate (go-chi/jwtauth/v5, Viper, PostgreSQL/Bun), 1,685 stars on GitHub. Vulnerability Locations (File | Line | Role): dev.env | 10 |...

5.7 AI score, 0.00055 EPSS
Exploits: 0, References: 3, Affected Software: 1
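What a hardcoded HS256 secret buys an attacker, and the startup guard that closes it, as an added example. This is not go-base's code (go-base is Go and uses go-chi/jwtauth/v5); it is a stand-alone Python reconstruction of the same HS256 construction. The secret value "random" comes from the entry above; the environment variable name AUTH_JWT_SECRET, the claim names and the weak-secret denylist are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# The literal the entry says ships in dev.env. That the running service actually signs with it
# is the assumption the forgery below rests on.
DEFAULT_SECRET = "random"
MIN_SECRET_BYTES = 32                                    # 256 bits, the HS256 key floor in RFC 7518
KNOWN_WEAK_SECRETS = {"random", "secret", "changeme", "password", ""}   # constructed denylist


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: str) -> str:
    """Compact JWT signed with HMAC-SHA256 over base64url(header).base64url(payload)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_hs256(token: str, secret: str) -> Optional[dict]:
    """Return the claims if the signature checks out under `secret`, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        return None                                      # pin the algorithm: no "none"/RS256 swaps
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return json.loads(_b64url_decode(payload_b64))


def forge_admin_token(secret_guess: str = DEFAULT_SECRET) -> str:
    """Attacker side: no server access needed, only the public default secret read from the repo."""
    return sign_hs256({"sub": "1", "email": "admin@example.com", "roles": ["admin"]}, secret_guess)


def load_jwt_secret(env: dict) -> str:
    """Startup guard: refuse to boot on a missing, known-default or too-short signing secret."""
    secret = env.get("AUTH_JWT_SECRET", "")              # variable name is an assumption
    if secret in KNOWN_WEAK_SECRETS or len(secret.encode()) < MIN_SECRET_BYTES:
        raise RuntimeError("AUTH_JWT_SECRET is unset, a known default, or shorter than 256 bits")
    return secret


def generate_secret() -> str:
    """What a boilerplate should do instead of shipping a literal: mint a per-deployment secret."""
    return secrets.token_urlsafe(48)                     # 64 url-safe characters, 384 bits of entropy
```

The guard in `load_jwt_secret` is the point: a "mitigation" that merely warns, or that only checks the secret is non-empty, still accepts "random", and every token the attacker mints with it verifies exactly like a legitimate one.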
CNNVD
added 2026/06/10 12:00 a.m., 10 views

Roxy-WI Security Vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the PUT /smon/check endpoint, which only verifies that the caller belongs to a certain group...

9.1 CVSS, 5.3 AI score, 0.00196 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/06/09 12:00 a.m., 12 views

OpenSSL Security Vulnerability

OpenSSL is an open-source cryptographic library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports various cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure...

7.5 CVSS, 5.4 AI score, 0.0032 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:30 p.m., 10 views

CVE-2026-24032

A vulnerability has been identified in SINEC NMS (All versions V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...

7.3 CVSS, 7.1 AI score, 0.00251 EPSS
Exploits: 0, References: 1
Redos
added 2026/06/05 12:00 a.m., 5 views

ROS-20260605-73-0024

The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

9.4 CVSS, 5.5 AI score, 0.00347 EPSS
Exploits: 1
Redos
added 2026/06/05 12:00 a.m., 6 views

ROS-20260605-73-0022

The vulnerability in Portainer-Ce is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

8.5 CVSS, 5.5 AI score, 0.00206 EPSS
Exploits: 1
Vulnrichment
added 2026/05/31 3:30 a.m., 7 views

CVE-2026-10167 OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_auth_cookie improper authentication

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argumen...

7.5 CVSS, 5.5 AI score, 0.00409 EPSS
Exploits: 0, References: 4
CVE
added 2026/05/29 12:31 p.m., 32 views

CVE-2026-49323

The CVE concerns the Indian Motorcycle Scout Bobber + Tech 2025 model year WCM–ECM link. Weak authentication allows an adjacent-network attacker with read access to passively capture one seed/key exchange and recover the per-vehicle immobilizer secret, because the WCM's response uses a reversible,...

4.3 CVSS, 5.8 AI score, 0.00107 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2026/05/28 8:33 p.m., 15 views

FUXA provides guest and invalid-token access to protected read APIs in secure mode

Summary: When secureEnabled=true, FUXA 1.3.0-2773 still allows guest and invalid-token requests to read project, alarms, and scheduler APIs. Details: In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints. Confirmed behavior: - guest...

5.9 AI score, 0.00089 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2026/05/28 12:00 a.m., 14 views

PT-2026-44733

Name of the Vulnerable Software and Affected Versions: FUXA version 1.3.0-2773. Description: When secureEnabled is set to true, the software fails to properly restrict access to protected read endpoints. Requests made without a token or with an invalid token are treated as guest contexts rather than...

6.9 CVSS, 5.8 AI score, 0.00089 EPSS
Exploits: 0, References: 6
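The failure mode both FUXA entries describe, an invalid token silently downgraded to a guest context that protected endpoints then never re-check, shown beside the corrected resolution. This is an added example, not FUXA's code (FUXA is Node.js); it is a Python stand-in in which the class, method and status strings are assumptions, and only the secureEnabled switch and the guest/invalid-token behaviour come from the entries.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

GUEST = "guest"


@dataclass(frozen=True)
class Principal:
    name: str
    role: str


class ApiServer:
    """Stand-in for a token-authenticated HTTP API with a secureEnabled switch (names are assumed)."""

    def __init__(self, secure_enabled: bool):
        self.secure_enabled = secure_enabled
        self._sessions: Dict[str, Principal] = {}       # token -> Principal, issued at login

    def login(self, name: str, role: str) -> str:
        token = secrets.token_urlsafe(24)
        self._sessions[token] = Principal(name, role)
        return token

    # Vulnerable resolution: a token that fails lookup is indistinguishable from no token at all;
    # both collapse into the guest context, and the endpoint never re-checks that context.
    def resolve_vulnerable(self, token: Optional[str]) -> Principal:
        return self._sessions.get(token, Principal("anonymous", GUEST))

    def get_project_vulnerable(self, token: Optional[str]) -> Tuple[int, str]:
        principal = self.resolve_vulnerable(token)       # never None, so nothing is ever refused
        return 200, f"project data for {principal.name}"

    # Hardened resolution: a presented-but-invalid token is an authentication failure (None),
    # only an absent token yields a guest, and in secure mode guests cannot read protected data.
    def resolve_hardened(self, token: Optional[str]) -> Optional[Principal]:
        if token is None:
            return Principal("anonymous", GUEST)
        return self._sessions.get(token)                 # None for an unknown or invalid token

    def get_project_hardened(self, token: Optional[str]) -> Tuple[int, str]:
        principal = self.resolve_hardened(token)
        if principal is None:
            return 401, "invalid token"
        if self.secure_enabled and principal.role == GUEST:
            return 403, "login required in secure mode"
        return 200, f"project data for {principal.name}"
```

The two decisions that matter are separate: "invalid" must map to a refusal rather than to the weakest role, and every protected read handler, not only the login path, must consult the resolved role against the secure-mode policy.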
Cvelist
added 2026/05/27 9:54 p.m., 41 views

CVE-2026-46414 Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking

Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8 CVSS, 0.00502 EPSS
Exploits: 0, References: 1
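The pattern behind the UFO entry, a control plane that reads authority from fields inside each message instead of from the identity bound to the connection when it registered, with the corrected handler beside it. This is an added example and not UFO's code; the hub class, the "device"/"controller" roles and the message field names (sender, role, target, task) are assumptions chosen to mirror the description above.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

CONTROLLER = "controller"
DEVICE = "device"


@dataclass(frozen=True)
class Binding:
    device_id: str
    role: str                     # fixed when the connection registers, never updated from messages


class ControlPlane:
    """Stand-in for a WebSocket hub: one Binding per open connection (names and fields assumed)."""

    def __init__(self):
        self._bindings: Dict[str, Binding] = {}
        self.queues: Dict[str, List[str]] = {}       # target device_id -> tasks queued for it

    def register(self, conn_id: str, device_id: str, role: str, credential_ok: bool) -> bool:
        # The role must be the server's own authorization decision for this credential;
        # `credential_ok` stands in for that check.
        if not credential_ok:
            return False
        self._bindings[conn_id] = Binding(device_id, role)
        return True

    # Vulnerable: authority is read from the TASK message itself, so a connection that registered
    # as a plain device can later claim to be a controller and push work to any peer.
    def handle_task_vulnerable(self, conn_id: str, msg: dict) -> Tuple[int, str]:
        if msg.get("role") != CONTROLLER:
            return 403, "only controllers dispatch tasks"
        self.queues.setdefault(msg["target"], []).append(msg["task"])
        return 200, f"dispatched by {msg.get('sender')}"

    # Hardened: authority and identity come from the binding made at registration; the sender
    # and role fields carried in the message are ignored entirely.
    def handle_task_hardened(self, conn_id: str, msg: dict) -> Tuple[int, str]:
        binding = self._bindings.get(conn_id)
        if binding is None:
            return 401, "unregistered connection"
        if binding.role != CONTROLLER:
            return 403, "connection is bound as a device, not a controller"
        self.queues.setdefault(msg["target"], []).append(msg["task"])
        return 200, f"dispatched by {binding.device_id}"
```

Keying the binding on the connection rather than on anything the client sends is what makes the later TASK message unable to escalate: the only way to become a controller is to re-register with a credential the server accepts as one.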
Positive Technologies
added 2026/05/26 12:00 a.m., 17 views

PT-2026-43620

Name of the Vulnerable Software and Affected Versions: radvd versions prior to 2.21. Description: The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print_ff function copies up to 2032 bytes of...

8.8 CVSS, 6.1 AI score, 0.00203 EPSS
Exploits: 0, References: 16
Vulnrichment
added 2026/05/22 8:48 p.m., 11 views

CVE-2026-3294 Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7 CVSS, 5.8 AI score, 0.00398 EPSS
Exploits: 0, References: 11
NVD
added 2026/05/19 2:16 p.m., 10 views

CVE-2026-42098

Sparx Enterprise Architect has a security feature that limits a user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e.g. using a debugger) and log in as any other user or administrator; then it is possible to do every...

8.7 CVSS, 0.00401 EPSS
Exploits: 0, References: 4
OSV
added 2026/05/14 8:26 p.m., 13 views

GHSA-8JJP-R2W2-4V22 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption

Summary: Any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST /api/tasks/stop/{task_id} endpoints. This allows a casual user to disrupt system-wide chat usage by continuously canceling...

7.1 CVSS, 5.8 AI score, 0.0027 EPSS
Exploits: 1, References: 6
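The missing check in the Open WebUI entry, and in the Roxy-WI PUT /smon/check entry above, is the same one: the route confirms the caller is logged in (or is in some group) but never that the caller owns the object it lists or stops. The example below is added here and is not Open WebUI's or Roxy-WI's code; the service class, user roles and status strings are assumptions. It shows the authenticated-only version beside an object-level check that also answers "not found" for foreign task IDs so they cannot be probed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class User:
    id: str
    role: str                  # "user" or "admin" (assumed role names)


@dataclass
class Task:
    id: str
    owner_id: str
    cancelled: bool = False


class TaskService:
    """Stand-in for a background-task registry behind GET /tasks and POST /tasks/stop/{id}."""

    def __init__(self):
        self._tasks: Dict[str, Task] = {}

    def start(self, user: User, task_id: str) -> Task:
        task = Task(task_id, user.id)
        self._tasks[task_id] = task
        return task

    # Vulnerable: the only gate is "is there an authenticated user at all"; every task in the
    # system is visible and stoppable by every caller.
    def list_vulnerable(self, user: User) -> List[str]:
        return sorted(self._tasks)

    def stop_vulnerable(self, user: User, task_id: str) -> Tuple[int, str]:
        task = self._tasks.get(task_id)
        if task is None:
            return 404, "no such task"
        task.cancelled = True
        return 200, "stopped"

    # Hardened: object-level authorization on every read and every mutation.
    def _can_access(self, user: User, task: Task) -> bool:
        return user.role == "admin" or task.owner_id == user.id

    def list_tasks(self, user: User) -> List[str]:
        return sorted(t.id for t in self._tasks.values() if self._can_access(user, t))

    def stop(self, user: User, task_id: str) -> Tuple[int, str]:
        task = self._tasks.get(task_id)
        if task is None or not self._can_access(user, task):
            return 404, "no such task"   # same answer for missing and foreign IDs: no enumeration oracle
        task.cancelled = True
        return 200, "stopped"
```

A group-membership or "is authenticated" decorator on the route is necessary but not sufficient; the ownership test has to run against the specific object after it is loaded, which is why it lives next to the lookup rather than in the middleware.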