Lucene search
K

161485 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.10 views

CVE-2026-9185

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:12 a.m.4 views

SUSE-SU-2026:22066-1 Security update for elemental-operator

This update for elemental-operator fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-operator: - Fix substitution - Fix reference in labels - Adapt labels to pass...

9.6CVSS6.8AI score0.01557EPSS
Exploits2References16
GithubExploit
GithubExploit
added 2026/06/10 7:34 a.m.54 views

Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os

🚨 CVE-2026-0257 – PAN-OS GlobalProtect Authentication Bypass...

9.1CVSS5.9AI score0.86678EPSS
Exploits9
Veracode
Veracode
added 2026/06/10 7:20 a.m.12 views

Denial Of Service

Keycloak is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of LDAP password policy responses, where a malformed response from a configured LDAP server can trigger an OutOfMemoryError during password authentication processing, causing the Keycloak JVM to termina...

4.9CVSS5.5AI score0.00476EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/10 6:44 a.m.9 views

USN-8417-1 tomcat9, tomcat10 vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

9.8CVSS7.7AI score0.01339EPSS
Exploits2References7
Ubuntu
Ubuntu
added 2026/06/10 6:44 a.m.27 views

USN-8417-1: Tomcat vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

9.8CVSS7.7AI score0.01339EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 a.m.8 views

CVE-2026-36809

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 a.m.9 views

CVE-2026-36806

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.8 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.1CVSS5.5AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.10 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.8CVSS5.5AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.8 views

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS6.7AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 2:16 a.m.13 views

CVE-2026-45541

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

7.5CVSS0.00439EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/10 12:31 a.m.13 views

EUVD-2026-35896

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.10 views

EUVD-2026-35856

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.5AI score0.00119EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.15 views

CVE-2026-41706

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7CVSS5.5AI score0.00504EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2026/06/10 12:0 a.m.10 views

postgresql-jdbc security update

42.2.14-4 - Limit SCRAM PBKDF2 iterations to prevent DoS via malicious server - Resolves: CVE-2026-42198...

7.5CVSS7.2AI score0.0077EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48451

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6AI score0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48545

Name of the Vulnerable Software and Affected Versions russh versions 0.37.0 through 0.60.2 Description In the keyboard-interactive authentication path of the client, a malicious SSH server can send a USERAUTH INFO REQUEST containing an attacker-controlled prompt count. The client uses this raw...

6.5CVSS5.3AI score0.00232EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.11 views

PT-2026-48546

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0-beta.1 through 0.60.0 Description russh did not strictly enforce SSH identification-string rules. The server-side identification reader used a permissive path that allowed clients to send pre-banner lines and did not...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
Rows per page
Query Builder