161466 matches found

CVE
added 2026/06/11 5:4 a.m., 33 views

CVE-2026-40997

The CVE-2026-40997 issue affects Spring Web Services: versions 5.0.0–5.0.1, 4.1.0–4.1.3, 4.0.0–4.0.18, and 3.1.0–3.1.8. The vulnerability arises when several Spring WS integration paths with Spring Security reveal detailed account state (e.g., locked or disabled user semantics) to remote SOAP cli...

CVSS 5.3, AI score 5.5, EPSS 0.00366
Exploits: 0, References: 1
Cvelist
added 2026/06/11 5:4 a.m., 27 views

CVE-2026-40995 X.509 authentication bypasses Spring Security account checks

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks for disabled, locked, expired, or credentials-expired accounts. Affected versions: Spring Web...

CVSS 5.4, EPSS 0.00148
Exploits: 0, References: 1
CVE
added 2026/06/11 5:4 a.m., 19 views

CVE-2026-40995

CVE-2026-40995 affects Spring Web Services versions 3.1.0–3.1.8, 4.0.0–4.0.18, 4.1.0–4.1.3, and 5.0.0–5.0.1. The issue arises in the X509AuthenticationProvider, which could issue a fully authenticated X509AuthenticationToken when a presented certificate maps to a UserDetails, without applying Spr...

CVSS 5.4, AI score 5.5, EPSS 0.00148
Exploits: 0, References: 1
EUVD
added 2026/06/11 5:4 a.m., 8 views

EUVD-2026-36205

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks for disabled, locked, expired, or credentials-expired accounts. Affected versions: Spring Web...

CVSS 5.4, AI score 5.4, EPSS 0.00148
Exploits: 0, References: 1
RedhatCVE
added 2026/06/11 2:59 a.m., 8 views

CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

CVSS 6.8, AI score 5.5, EPSS 0.00119
Exploits: 0, References: 1
RedhatCVE
added 2026/06/11 2:59 a.m., 8 views

CVE-2026-53675

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary user_id because the get_items_permissions_check meth...

CVSS 5.3, AI score 5.6, EPSS 0.00193
Exploits: 0, References: 1
RedhatCVE
added 2026/06/11 2:59 a.m., 9 views

CVE-2026-41706

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

CVSS 6.1, AI score 5.5, EPSS 0.00211
Exploits: 0, References: 1
GithubExploit
added 2026/06/11 2:23 a.m., 87 views

Exploit for CVE-2026-28699

CVE-2026-28699 — Gitea OAuth2 Scope Bypass via HTTP Basic Auth...

AI score 5.5, EPSS 0.00043
Exploits: 1
GithubExploit
added 2026/06/11 2:6 a.m., 56 views

Exploit for Improper Authentication in Pocketbase

CVE-2026-44166 — PocketBase OAuth2 Account Pre-Hijacking Self...

CVSS 7.6, AI score 5.4, EPSS 0.00247
Exploits: 1
Positive Technologies
added 2026/06/11 12:0 a.m., 10 views

PT-2026-48684

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.48; Traefik versions prior to 3.6.19; Traefik versions prior to 3.7.3. Description: An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...

CVSS 7.8, AI score 5.3, EPSS 0.00468
Exploits: 2, References: 13
Packet Storm News
added 2026/06/11 12:0 a.m., 10 views

Chatwoot Scanner

This is a security assessment tool designed to evaluate authentication status, response behavior, and possible exposure indicators in Chatwoot conversation filtering functionality...

AI score 5.3
Exploits: 0
Positive Technologies
added 2026/06/11 12:0 a.m., 10 views

PT-2026-48807

Name of the Vulnerable Software and Affected Versions: Arc versions prior to 26.06.1. Description: Arc registers Go net/http/pprof handlers at the /debug/pprof/ endpoint. Due to a configuration where /debug/pprof is added to PublicPrefixes and the authentication middleware short-circuits before toke...

CVSS 8.8, AI score 6, EPSS 0.0009
Exploits: 0, References: 6
CNNVD
added 2026/06/11 12:0 a.m., 14 views

Sonatype Nexus Repository security vulnerability

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. There are security vulnerabilities in Sonatype Nexus Repository. These vulnerabilities stem from authentication endpoint issue...

CVSS 8.7, AI score 5.4, EPSS 0.00503
Exploits: 0, References: 1
CNNVD
added 2026/06/11 12:0 a.m., 17 views

VMware Spring Web Services authorization issue vulnerability

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. Versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services contain authorization vulnerabilities. These vulnerabilities stem from the...

CVSS 5.4, AI score 5.3, EPSS 0.00148
Exploits: 0, References: 1
CNNVD
added 2026/06/11 12:0 a.m., 15 views

OpenClaw authorization issue vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.22 contained security vulnerabilities. These vulnerabilities stemmed from a location verification issue in the Control UI pairing mechanism. This allowed attackers with network...

CVSS 8.8, AI score 5.8, EPSS 0.00309
Exploits: 0, References: 2
CNNVD
added 2026/06/11 12:0 a.m., 19 views

CyberArk Idira Secrets Manager SaaS Edge access control error vulnerability

CyberArk Idira Secrets Manager SaaS Edge is a distributed confidential access node component offered by the American company CyberArk. Versions of CyberArk Idira Secrets Manager SaaS Edge prior to version 1.8 contained an access control vulnerability. This vulnerability stemmed from improper acce...

CVSS 9.1, AI score 5.4, EPSS 0.00503
Exploits: 0, References: 1
CNNVD
added 2026/06/11 12:0 a.m., 15 views

ABB Freelance security vulnerability

ABB Freelance is a distributed control system developed by the Swiss company ABB. There is a security vulnerability in ABB Freelance, which stems from an authentication bypass exploit. The following versions are affected: Version 2013, Version 2013 SP1, Version 2016, Version 2016 SP1, Version 201...

CVSS 7.1, AI score 5.3, EPSS 0.00116
Exploits: 0, References: 1
Tenable Nessus
added 2026/06/11 12:0 a.m., 6 views

FreeBSD : Erlang/OTP -- httpc leaks authentication headers on cross-host redirect (d87e2466-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e2466-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh reports: The HTTP client httpc in...

CVSS 7.1, AI score 5.4, EPSS 0.00335
Exploits: 0, References: 3
Positive Technologies
added 2026/06/11 12:0 a.m., 11 views

PT-2026-48635

Name of the Vulnerable Software and Affected Versions: ABB Freelance versions 2013 through 2024. Description: An authentication bypass issue exists in ABB Freelance due to a primary weakness. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 7.1, AI score 5.9, EPSS 0.00116
Exploits: 0, References: 8
Positive Technologies
added 2026/06/11 12:0 a.m., 12 views

PT-2026-48696

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

CVSS 8.7, AI score 5.5, EPSS 0.00503
Exploits: 0, References: 3