Lucene search
K

161474 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 3:37 p.m.7 views

CVE-2026-45567 Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...

8.3CVSS5.5AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 3:16 p.m.15 views

CVE-2026-6090

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS0.00108EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/10 3:10 p.m.17 views

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox...

10CVSS9.6AI score0.98937EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.12 views

CVE-2026-10523

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

9.9CVSS6AI score0.4719EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.11 views

CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.71051EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.11 views

CVE-2026-50752

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/10 2:40 p.m.72 views

Exploit for Improper Authentication in Checkpoint Gaia_Os

CVE-2026-50751 Check Point IKEv1 Scanner A multi-threaded vul...

9.3CVSS5.9AI score0.71051EPSS
Exploits5
Debian CVE
Debian CVE
added 2026/06/10 2:35 p.m.6 views

CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.6AI score0.00194EPSS
Exploits0
EUVD
EUVD
added 2026/06/10 2:35 p.m.12 views

EUVD-2026-36054

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/10 2:31 p.m.34 views

CVE-2026-8335 Missing authentication in Aix-DB

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS0.00195EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 2:31 p.m.8 views

CVE-2026-8335 Missing authentication in Aix-DB

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 2:16 p.m.12 views

CVE-2026-52754

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...

8.8CVSS0.00252EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/10 2:16 p.m.55 views

Exploit for Improper Authentication in Checkpoint Gaia_Os

markdown CVE-2026-50751 - Check Point IKEv1 Authentication Byp...

9.3CVSS5.9AI score0.71051EPSS
Exploits5
EUVD
EUVD
added 2026/06/10 2:9 p.m.8 views

EUVD-2026-36049

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6AI score0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 2:9 p.m.34 views

CVE-2026-6090

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:9 p.m.17 views

CVE-2026-6090

Lenovo Smart Connect for Windows is described as affected by CVE-2026-6090, a potential authentication bypass that could allow a local authenticated user to execute arbitrary code with elevated privileges. CVSS metrics show: CVSS v3.1 base score 7.0 (LOCAL, HIGH impact to Confidentiality/Integrit...

7.3CVSS6AI score0.00108EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:9 p.m.10 views

CVE-2026-6090

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:59 p.m.11 views

EUVD-2026-36036

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS5.5AI score0.00199EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/10 1:39 p.m.10 views

Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery

Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation Affected Component - github.com/dhax/go-base — Go REST API boilerplate go-chi/jwtauth/v5, Viper, PostgreSQL/Bun - 1,685 stars on GitHub Vulnerability Locations | File | Line | Role | |------|------|------| | dev.env | 10 |...

5.7AI score0.00055EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/10 1:39 p.m.7 views

GHSA-5G86-85RP-F9HX Papra HTTP redirect bypass can lead to SSRF via webhook delivery system

Summary Papra's webhook delivery system contains an SSRF protection bypass that allows any authenticated organisation member to cause the server to make HTTP requests to internal addresses — loopback, link-local, and RFC-1918 ranges. The SSRF protection validates the registered webhook URL but...

3.5CVSS5.6AI score0.00025EPSS
Exploits0References3
Rows per page
Query Builder