Lucene search
K

161521 matches found

EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35441

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

10CVSS5.6AI score0.98937EPSS
Exploits4References2
OSV
OSV
added 2026/06/09 6:29 p.m.24 views

USN-8414-2 openssl, openssl1.0 vulnerabilities

USN-8414-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An...

9.1CVSS6.1AI score0.02719EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 6:17 p.m.9 views

CVE-2026-50512

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:36 p.m.12 views

EUVD-2026-35771

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:34 p.m.8 views

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-9212

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...

8.3CVSS0.0027EPSS
Exploits0References24
NVD
NVD
added 2026/06/09 5:17 p.m.23 views

CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

7.4CVSS0.00196EPSS
Exploits0References5
OSV
OSV
added 2026/06/09 5:14 p.m.10 views

USN-8414-1 openssl vulnerabilities

Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. CVE-2026-34180 Pavol Zacik and Alex Gaynor discovered that OpenSSL...

9.1CVSS6.1AI score0.02719EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/09 5:6 p.m.8 views

EUVD-2026-35744

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally...

8.4CVSS5.4AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:6 p.m.41 views

CVE-2026-44810

CVE-2026-44810: Improper authentication in Windows Cryptographic Services allows a local attacker to elevate privileges. Affected: Windows Cryptographic Services. Impact: HIGH (CVSS 3.1 base 8.4) with local attack, no user interaction required; confidentiality, integrity, and availability are HIG...

8.4CVSS5.4AI score0.00261EPSS
Exploits0References1Affected Software6
Vulnrichment
Vulnrichment
added 2026/06/09 5:5 p.m.8 views

CVE-2026-50508 Windows NTLM Spoofing Vulnerability

...

6.5CVSS5.4AI score0.00662EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:5 p.m.31 views

CVE-2026-50508 Windows NTLM Spoofing Vulnerability

...

6.5CVSS0.00662EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:5 p.m.58 views

CVE-2026-50508

CVE-2026-50508 describes an exposure of sensitive information in Windows NTLM that enables an unauthenticated network-based spoofing capability. The vulnerability affects the Windows NTLM authentication path and is documented with a network attack vector and a high confidentiality impact. Public ...

7.5CVSS5.4AI score0.00662EPSS
Exploits0References1Affected Software6
PyPA
PyPA
added 2026/06/09 4:43 p.m.4 views

PYSEC-2026-219

Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...

6.5CVSS6.4AI score0.01475EPSS
Exploits1References17Affected Software1
NVD
NVD
added 2026/06/09 4:16 p.m.7 views

CVE-2026-10523

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

9.9CVSS0.4719EPSS
Exploits3References1
OSV
OSV
added 2026/06/09 4:7 p.m.9 views

MAL-2026-5385 Malicious code in @0xlr/clerk-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff421a5ccb412fd8455e89a1b9875b427ed34af12fa4b188ed4418cd8f52a74 On npm install, postinstall.js enumerates the entire process environment Object.keysprocess.env.sort.forEach along with hostname, username, home...

5.5AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:5 p.m.33 views

CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:5 p.m.23 views

CVE-2026-49848

FreeSWITCH CVE-2026-49848: In mod_verto, the pre-authentication check_auth path writes request-supplied userVariables into the connection state before password comparison. Writes are append-only and the connection isn’t closed on a failed compare, so values from bad-password attempts persist on t...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 4:5 p.m.7 views

CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 4:5 p.m.11 views

EUVD-2026-35495

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2
Rows per page
Query Builder