Lucene search
K

510 matches found

Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-53763 OP-TEE has AES-GCM 32-bit integer overflow in length counters that breaks authentication guarantee

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 10:11 a.m.32 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8CVSS0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:33 a.m.18 views

CVE-2026-7838

UltraVNC viewer up to 1.8.2.2 is affected by an integer overflow leading to a heap buffer overflow in the RFB failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte reasonLen field is used as reasonLen+1 in CheckBufferSize(); with unsigned 32-bit operands, reasonLen 0xFFFFFF...

8.8CVSS6.6AI score0.01403EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/25 10:17 p.m.9 views

CVE-2026-40702

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

9.4CVSS0.00378EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/06/23 12:0 a.m.12 views

VulnCheck KEV: CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

9.8CVSS6.1AI score0.00889EPSS
In wildExploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 7:1 p.m.7 views

CVE-2026-48982

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the OEXCL flag. Without OEXCL, the create operation is not atomic: two concurrent processes racing to...

5.8CVSS5.3AI score0.00088EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.31 views

PT-2026-50703

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References9
Veracode
Veracode
added 2026/06/10 7:20 a.m.15 views

Denial Of Service

Keycloak is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of LDAP password policy responses, where a malformed response from a configured LDAP server can trigger an OutOfMemoryError during password authentication processing, causing the Keycloak JVM to termina...

4.9CVSS5.5AI score0.00476EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/08 10:33 a.m.12 views

CVE-2026-3198

A flaw was found in MLflow. When configured with basic authentication, MLflow fails to enforce proper authorization checks for several Gateway API list endpoints. This oversight allows any authenticated user, regardless of their assigned permissions, to enumerate sensitive information such as...

6.5CVSS6.5AI score0.00244EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-10281

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

7.5CVSS6.7AI score0.0041EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 5:49 p.m.9 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS5.5AI score0.00533EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 8:8 p.m.12 views

EUVD-2026-32654

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc, xrealloc, and xstrdup using assertdata != NULL. The C standard specifies that all assert expressions are compiled out when NDEBUG is defined at...

5.1CVSS5.8AI score0.00122EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/17 12:0 a.m.20 views

VulnCheck KEV: CVE-2018-5999

An issue was discovered in AsusWRT before 3.0.0.4.38410007. In the handlerequest function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails...

10CVSS7.3AI score0.8715EPSS
In wildExploits10References4
RedHat Linux
RedHat Linux
added 2026/05/14 9:16 a.m.13 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References5
NVD
NVD
added 2026/05/13 10:16 p.m.13 views

CVE-2026-44195

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...

6.5CVSS0.00318EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 7:54 p.m.24 views

CVE-2026-8142

Technical details are not publicly available in the provided documents. Monitor for updates.

6.5CVSS5.8AI score0.00115EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/04 10:52 a.m.12 views

Information Exposure

org.springframework.grpc, spring-grpc-core is vulnerable to information exposure through error messages. The vulnerability is due to returning raw server-side AuthenticationException messages in the gRPC status description, which allows an attacker to gather authentication failure details and...

5.3CVSS5.8AI score0.002EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2026/04/28 2:54 p.m.6 views

EUVD-2026-26064

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

3.7CVSS5.3AI score0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/28 2:54 p.m.32 views

CVE-2026-40969 Spring gRPC AuthenticationException message reflected to remote client

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

3.7CVSS0.002EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/04/28 12:0 a.m.8 views

Spring gRPC AuthenticationException message reflected to remote client

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks...

3.7CVSS5.9AI score0.002EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder