Lucene search
K

3059 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Aegra 授权问题漏洞

Aegra is a large-scale model application platform developed by Aegra Corporation, designed for building and orchestrating multi-step intelligent agent processes. Versions of Aegra prior to 0.9.7 contained an authorization vulnerability. This vulnerability stemmed from multiple authenticated users...

8.6CVSS6AI score0.00285EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

SOGo SQL注入漏洞

SOGo is a very fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-40955

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices...

3CVSS5.8AI score0.00137EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:12 p.m.7 views

CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1CVSS5.8AI score0.00222EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40591

Name of the Vulnerable Software and Affected Versions OpenLearnX versions prior to 2.0.4 Description An authentication issue in this open-source, decentralized learning and assessment platform could allow unauthorized access to user accounts under specific conditions. Recommendations Update to...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/12 3:31 p.m.8 views

EUVD-2026-29467

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...

7.4CVSS5.8AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 3:11 p.m.17 views

CVE-2026-30808

CVE-2026-30808 concerns Pandora FMS versions 777–800, where a session fixation flaw allows session hijacking via crafted session IDs. The connected sources confirm the vulnerability title and affected range, indicating a problem in authentication/session handling. The impact details in the source...

8.1CVSS5.8AI score0.00267EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 12:40 a.m.38 views

CVE-2026-45362

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

3.2CVSS0.00095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40048

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

5.7AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the use of a security filter for variable expansion, where all subsequent pipes on the same strin...

9.1CVSS5.9AI score0.00406EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 9:54 p.m.38 views

CVE-2026-43911 Vaultwarden: Refresh tokens not invalidated on security stamp rotation

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's securitystamp is rotated by some security-sensitive operations password change, KDF change, key rotation, email change, org admin password reset, emergency access...

6.8CVSS0.00216EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.15 views

EUVD-2026-29130

Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, which causes the server-side permission check to be...

5.4CVSS5.9AI score0.00188EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/11 12:32 p.m.13 views

EUVD-2025-209756

Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...

7.3CVSS5.8AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.5 had a security vulnerability; this vulnerability was caused by an additional authentication issue that led to information leakage, potentially allowing...

7.5CVSS5.8AI score0.00302EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/09 7:12 p.m.7 views

CVE-2026-41893 Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints POST /login and POST /signalk/v1/auth/login are protected by express-rate-limit default: 100 attempts per 10-minute window, configurable via HTTPRATELIMITS. The WebSocke...

8.7CVSS5.8AI score0.00327EPSS
Exploits1References4
OSV
OSV
added 2026/05/04 8:52 p.m.5 views

GHSA-VMFM-CH9H-5C7G Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)

Summary The HTTP login endpoints POST /login and POST /signalk/v1/auth/login are protected by express-rate-limit default: 100 attempts per 10-minute window, configurable via HTTPRATELIMITS. The WebSocket login path — sending login: username, password messages over an established WebSocket...

8.7CVSS5.9AI score0.00327EPSS
Exploits1References6
CVE
CVE
added 2026/05/04 2:15 a.m.29 views

CVE-2026-7722

CVE-2026-7722 affects PrefectHQ Prefect up to 3.6.21, specifically the Health Check API at /api/health where the endswith function is implicated. The issue enables a remotely carried out manipulation resulting in improper authentication. Public exploitation is indicated in the description. A patc...

6.9CVSS5.7AI score0.00453EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/03 11:0 p.m.51 views

CVE-2026-7709 janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS0.00219EPSS
Exploits0References4
OSV
OSV
added 2026/05/03 9:57 a.m.18 views

OESA-2026-2171 sssd security update

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2
Rows per page
Query Builder