Lucene search
K

161499 matches found

CVE
CVE
added 2026/06/09 9:57 p.m.21 views

CVE-2026-9742

The CVE-2026-9742 entry describes a vulnerability in MongoDB where, when OIDC authentication is enabled, a crafted value in the mechanism parameter of the authenticate command can crash the server. The authenticate command is reachable by unauthenticated clients, enabling pre-auth denial-of-servi...

8.2CVSS5.5AI score0.00347EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/06/09 9:55 p.m.36 views

Exploit for CVE-2026-10520

CVE-2026-10520 and CVE-2026-10523 An Ivanti Sentry Authentica...

10CVSS6.7AI score0.98937EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.9 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.13 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.8CVSS5.4AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00195EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.8 views

CVE-2026-41448

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-25555

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

9.8CVSS5.5AI score0.01509EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.11 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.1CVSS0.00364EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 6:40 p.m.7 views

CVE-2026-6444

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...

8.6CVSS5.4AI score0.00279EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/09 6:32 p.m.7 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 provider cipher implementations. An attacker can forge an empty message with arbitrary AAD under a key they do not know, because the expected tag is computed on...

8.2CVSS5.5AI score0.0021EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:31 p.m.11 views

EUVD-2026-35466

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain configurations...

8.3CVSS5.7AI score0.0027EPSS
Exploits0References24
EUVD
EUVD
added 2026/06/09 6:31 p.m.9 views

EUVD-2026-35494

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35489

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35441

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

10CVSS5.6AI score0.98937EPSS
Exploits4References2
OSV
OSV
added 2026/06/09 6:29 p.m.24 views

USN-8414-2 openssl, openssl1.0 vulnerabilities

USN-8414-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An...

9.1CVSS6.1AI score0.02719EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 6:17 p.m.9 views

CVE-2026-50512

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:36 p.m.12 views

EUVD-2026-35771

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:34 p.m.8 views

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-9212

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...

8.3CVSS0.0027EPSS
Exploits0References24
NVD
NVD
added 2026/06/09 5:17 p.m.23 views

CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

7.4CVSS0.00196EPSS
Exploits0References5
Rows per page
Query Builder