Lucene search
K

161466 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is...

6.8CVSS5.5AI score0.00119EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

EulerOS Virtualization 2.13.1 : curl (EulerOS-SA-2026-2368)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...

6.5CVSS7.8AI score0.00333EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/06/11 10:53 p.m.6 views

CVE-2026-47238 ClipBucket: IDOR in videos subtitle editor

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - 1...

6.5CVSS5.2AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 8:29 p.m.9 views

EUVD-2026-36130

Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input...

5.3CVSS5.4AI score0.00277EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 8:29 p.m.5 views

GHSA-76R6-X97P-67VR Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Summary russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing pre-banner lines from clients, and the reader did not enforce a bounded number of pre-banner...

5.3CVSS5.7AI score0.00277EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 8:3 p.m.29 views

CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

9CVSS0.00131EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 8:3 p.m.16 views

CVE-2026-41005

Cloud Foundry UAA (uaa_release 2.0.0–78.13.0) and CF Deployment up to 56.1.0 are affected by CVE-2026-41005, where XML encryption intended for confidentiality in SAML content was incorrectly treated as a substitute for XML signatures, enabling authentication bypass in two flows: OAuth 2.0 SAML2 b...

9CVSS5.4AI score0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 8:3 p.m.8 views

CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

9CVSS5.3AI score0.00131EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.9 views

CVE-2026-45177

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

9.1CVSS0.00503EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/11 6:54 p.m.17 views

USN-8423-1: lwIP vulnerabilities

It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8597 It was...

10CVSS8.8AI score0.19431EPSS
Exploits4
OSV
OSV
added 2026/06/11 6:54 p.m.7 views

USN-8423-1 lwip vulnerabilities

It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8597 It was...

10CVSS9.6AI score0.19431EPSS
Exploits4References5
Cvelist
Cvelist
added 2026/06/11 6:40 p.m.25 views

CVE-2026-45177 Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

9.1CVSS0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:40 p.m.6 views

CVE-2026-45177 Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

9.1CVSS5.5AI score0.00503EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 6:40 p.m.29 views

CVE-2026-45177

CVE-2026-45177 affects Idira Secrets Manager SaaS Edge prior to 1.8. The issue is improper access control in internal authentication components, enabling a remote, unauthenticated attacker to submit a crafted request that could bypass identity verification and lead to unauthorized acquisition of ...

9.1CVSS5.5AI score0.00503EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/11 6:16 p.m.11 views

CVE-2026-3329

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS0.00503EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 5:54 p.m.8 views

CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS5.9AI score0.00539EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 5:10 p.m.4 views

GHSA-J93G-RP6M-J32M Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS

Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 5:0 p.m.7 views

EUVD-2026-36268

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 5:0 p.m.25 views

CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS0.00503EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 5:0 p.m.21 views

CVE-2026-3329

CVE-2026-3329 affects Sonatype Nexus Repository. A remote unauthenticated attacker can perform credential-guessing attacks via authentication endpoints, with a CVSS v4.0 base score 8.7 (HIGH) and network exposure. The vulnerability is characterized by a lack of authentication requirements for gue...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References2
Rows per page
Query Builder