Lucene search
K

510 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/11 12:0 a.m.5 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

5.9AI score0.00889EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/11 12:0 a.m.2 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

5.9AI score0.00889EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 12:0 a.m.129 views

CVE-2025-67038

Summary: CVE-2025-67038 affects Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module concatenates the username into a shell command used for logging on authentication failures, allowing injection of arbitrary OS commands with root privileges. Multiple sources (NVD, Red Hat, CISA KEV, CNNVD) describe ...

9.8CVSS5.9AI score0.00889EPSS
In wildExploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/10 9:27 p.m.38 views

CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

5.3CVSS0.00179EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 9:27 p.m.3 views

CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

5.3CVSS5.7AI score0.00179EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 9:59 p.m.5 views

EUVD-2026-9930

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/04 12:0 a.m.6 views

CVE-2025-69969

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy BLE communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...

6.2AI score0.00461EPSS
Exploits1References2
OSV
OSV
added 2026/03/02 9:49 p.m.7 views

GHSA-VPJ2-69HF-RPPW OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...

7.5CVSS5.9AI score0.0011EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/02 9:49 p.m.7 views

OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.11 views

PT-2026-26422

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.1 Description OpenClaw does not correctly manage authentication bootstrap errors during startup, which can allow browser-control routes to remain accessible without authentication. Local processes or...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.5 views

CVE-2026-27767

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8CVSS6AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 4:27 p.m.4 views

GO-2026-4539 Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2

Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2...

9.3CVSS5.4AI score0.00267EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/26 7:57 a.m.23 views

CVE-2026-1695 XSS vulnerability upon unsuccessful authentication

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user...

5.3CVSS0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20352

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the process image data ajax callback function which handles the kadence import process image data AJAX...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.9 views

PT-2026-8328

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.1.x through 11.1.2 Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.2.x through 11.2.1 Mattermost Plugin Zoom versions through 1.11.0 Description The Mattermost application and its Zoom plugin do not...

9.9CVSS5.2AI score0.27661EPSS
Exploits45References117
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.6 views

ZLAN5143D 访问控制错误漏洞

ZLAN5143D is a serial port server from the Chinese company ZLAN. ZLAN5143D has an access control vulnerability, which stems from an inability to enforce authentication properly. This vulnerability allows attackers to directly access internal URLs...

9.8CVSS7.5AI score0.00732EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/09 7:23 p.m.5 views

CVE-2026-2165

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/addseller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be...

9.8CVSS5.2AI score0.0057EPSS
Exploits1References1
NVD
NVD
added 2026/02/05 5:16 p.m.20 views

CVE-2020-37143

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successfu...

7.5CVSS0.00337EPSS
Exploits0References3
CNVD
CNVD
added 2026/02/05 12:0 a.m.3 views

Unspecified Vulnerability in Delta Electronics DIAView

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...

9.8CVSS5.8AI score0.00485EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.46 views

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

8.2CVSS5.9AI score0.00134EPSS
Exploits2References1
Rows per page
Query Builder