Lucene search
K

161512 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.10 views

Lenovo Smart Connect 安全漏洞

Lenovo Smart Connect is a cross-device collaboration platform developed by China’s Lenovo Corporation. There is a security vulnerability in Lenovo Smart Connect for Windows. This vulnerability stems from a potential authentication bypass, which may allow locally authenticated users to execute...

7.3CVSS5.9AI score0.00108EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

ImageMagick 信息泄露漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a vulnerability related to information leakage. This vulnerability stemm...

4.1CVSS5.3AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Russh 授权问题漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an authorization vulnerability. This vulnerability stemmed from the server authentication path not separating the internal authentication state whe...

5.3CVSS5.3AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as an individual contributor. In versions of Russh from 0.37.0 to 0.61.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the keyboard interaction authentication process, where a...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Roxy-WI 授权问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability related to authorization. This vulnerability arises from using the API substring in the URL and unauthenticated /api/gpt endpoints,...

8.3CVSS5.4AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from a lack of role checks and group ownership checks on the agentaction endpoint. Any...

8.5CVSS5.3AI score0.00199EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.10 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the PUT /smon/check endpoint, which only verifies that the caller belongs to a certain group...

9.1CVSS5.3AI score0.00196EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

EulerOS 2.0 SP13 : cups (EulerOS-SA-2026-2325)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer...

7.8CVSS6.3AI score0.00502EPSS
Exploits7References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48451

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6AI score0.00108EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2026/06/10 12:0 a.m.7 views

Erlang/OTP -- timing-based username enumeration in SSH password authentication

https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4 reports: A timing-based username enumeration vulnerability during password authentication with the userpasswords option has been fixed by performing a dummy PBKDF2 computation for invalid usernames, so authentication timing no...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48481

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...

7.1CVSS5.2AI score0.00123EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/10 12:0 a.m.4 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via the X509AuthenticationProvider class in X509AuthenticationProvider.java. The provider issues a fully authenticated X509AuthenticationToken whenever a presented certificate maps to...

5.4CVSS5.5AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to the Spring Security integration paths in SpringSecurityUtils.checkUserValidity, SpringSecurityPasswordValidationCallbackHandler, and X509AuthenticationProvider, which surface account status exceptions such as...

6.9CVSS5.4AI score0.00366EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

Origin Validation Error

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Origin Validation Error via insufficient Origin validation for WebSocket connections. An attacker can perform Cross-Site WebSocket Hijacking CSWSH b...

8.5CVSS5.8AI score0.00182EPSS
Exploits0References2
Redos
Redos
added 2026/06/10 12:0 a.m.6 views

ROS-20260610-73-0006

The vulnerability in Thunderbird relates to the bypassing of authentication mechanisms through spoofing. Exploiting this vulnerability allows a malicious actor to carry out spoofing attacks remotely...

6.3CVSS5.4AI score0.00157EPSS
Exploits0
Redos
Redos
added 2026/06/10 12:0 a.m.5 views

ROS-20260610-73-0022

The vulnerability in Thunderbird relates to exploiting an authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions without being detected...

9.8CVSS5.5AI score0.00459EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2326)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...

6.5CVSS7.4AI score0.00333EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2283)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...

6.5CVSS7.4AI score0.00333EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7CVSS5.5AI score0.00504EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 11:47 p.m.26 views

CVE-2026-41706

Spring Security: CookieRequestCache and CookieServerRequestCache store the full absolute pre-authentication URL in a browser cookie and use it as the post-login redirect target without validation. Affected versions include Spring Security 5.7.0–5.7.23; 5.8.0–5.8.25; 6.3.0–6.3.16; 6.4.0–6.4.16; 6....

6.1CVSS5.5AI score0.00211EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder