Lucene search
K

161473 matches found

CVE
CVE
added 2026/06/12 8:0 a.m.26 views

CVE-2026-11535

CVE-2026-11535 affects the PcSuite APP. The connected documents describe an authentication mechanism defect in PcSuite that can allow information leakage within Bluetooth range, leading to unauthorized access to victim devices. The NVD and CVE listings repeat the same description of unauthorized ...

9.4CVSS5.3AI score0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:0 a.m.29 views

CVE-2026-11535

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device...

9.4CVSS0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:0 a.m.7 views

EUVD-2026-36391

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device...

9.4CVSS5.3AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 4:17 a.m.12 views

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

9.8CVSS0.00662EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/12 4:5 a.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper authentication checks in the OAuth implementation. An attacker can gain unauthorized access by exploiting the lack of proper validation, even when OAuth is not configured or...

9.8CVSS7.3AI score0.00662EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.11 views

SUSE CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS5.5AI score0.00504EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.9 views

SUSE CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS5.7AI score0.00335EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.29 views

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

9.8CVSS0.00662EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 2:27 a.m.10 views

EUVD-2026-36380

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover...

8CVSS7.4AI score0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.9 views

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

9.8CVSS8.5AI score0.00662EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 2:27 a.m.86 views

CVE-2026-48611

CVE-2026-48611 describes improper authentication checks in an OAuth implementation that can allow account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations. The public records do not specify targeted products, versions, vendor names, o...

9.8CVSS7.8AI score0.00662EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 1:57 a.m.31 views

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS0.00384EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 1:57 a.m.198 views

CVE-2026-11933

Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided documents. Please monitor for updates.

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/06/12 1:57 a.m.15 views

Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.15 and earlier SimpleHelp 6.0 pre-release versions Description An authentication bypass exists in the OIDC OpenID Connect authentication flow. When OIDC is configured, the system accepts identity tokens during login...

10CVSS6.2AI score0.01219EPSS
Exploits0References45
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49057

Name of the Vulnerable Software and Affected Versions Fleet affected versions not specified Description An issue in the Apple MDM commands listing endpoint allows authenticated users with the Observer role to extract sensitive data from joined database tables, such as host enrollment secrets and...

6.5CVSS5.9AI score0.00019EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48987

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description An issue exists in the Jobs::RedeliverWebHookEvents function where the MessageBus.publish call f...

4.3CVSS5.2AI score0.00211EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.10 views

PT-2026-48835

The authentication mechanism of a certain function in the PcSuite has a defect, which may result in information leakage within the range of a Bluetooth connection...

8.7CVSS5.3AI score0.00151EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48931

Name of the Vulnerable Software and Affected Versions chisel affected versions not specified Description Authenticated clients can bypass Access Control List ACL restrictions defined via the --authfile parameter to tunnel traffic to arbitrary destinations reachable from the server. While the serv...

8.5CVSS5.5AI score0.00038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48961

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.8.0 through 9.9.1-alpha.4 Description Applications that enable Multi-Factor Authentication MFA and restrict the get permission on the User class via Class-Level Permissions CLP may expose sensitive user data. The issue...

5.9CVSS5.3AI score0.00251EPSS
Exploits0References5
Rows per page
Query Builder