Lucene search
K

161598 matches found

EUVD
EUVD
added 2026/06/09 8:57 a.m.14 views

EUVD-2026-35387

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:57 a.m.32 views

CVE-2026-10731 SQL injection in Nemon products

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:57 a.m.7 views

CVE-2026-10731 SQL injection in Nemon products

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 7:34 a.m.24 views

CVE-2009-10007

CVE-2009-10007 affects Catalyst::Plugin::Authentication for Perl prior to 0.10_027. The vulnerability arises because the plugin does not automatically change the session id after authentication, enabling session fixation where an attacker with a valid session cookie can impersonate the victim. Do...

9.1CVSS5.5AI score0.00369EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 7:34 a.m.12 views

EUVD-2009-5128

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

9.1CVSS5.5AI score0.00369EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 7:34 a.m.8 views

CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

5.5AI score0.00369EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 7:34 a.m.39 views

CVE-2009-10007 Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

0.00369EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/09 7:34 a.m.8 views

CVE-2009-10007

Catalyst::Plugin::Authentication versions before 0.10027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

9.1CVSS5.5AI score0.00369EPSS
Exploits0
NVD
NVD
added 2026/06/09 5:16 a.m.13 views

CVE-2026-41720

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:48 a.m.10 views

EUVD-2026-35324

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS5.4AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 3:48 a.m.44 views

CVE-2026-41720

CVE-2026-41720 affects Spring LDAP, where DirContextAuthenticationStrategy implementations fail to reject a bind request that uses a non-empty username with an empty or null password. Affected versions include 2.4.0–2.4.4, 3.2.0–3.2.17, 3.3.0–3.3.7, and 4.0.0–4.0.3. The CVE description in both th...

7.4CVSS5.4AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:48 a.m.6 views

CVE-2026-41720 Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS5.4AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:48 a.m.35 views

CVE-2026-41720 Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 3:16 a.m.11 views

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS0.00401EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.10 views

SUSE CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.5CVSS5.4AI score0.00177EPSS
Exploits0References3
Hacker One
Hacker One
added 2026/06/09 2:20 a.m.14 views

curl: Trailing-Dot Hostname in Redirect Silently Strips Client Certificate and Auth Credentials

Summary When curl follows a redirect where the Location header contains a hostname with a trailing dot e.g., https://example.com./path, Curlpeerequal in peer.c:321-330 compares the original hostname example.com against the redirect target example.com. using curlstrequal, which does not normalize...

5.7CVSS6.6AI score0.01595EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/09 2:15 a.m.35 views

CVE-2026-11618 DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS0.00401EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/09 2:15 a.m.8 views

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS5AI score0.00401EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/09 2:15 a.m.22 views

CVE-2026-11618

DTStack Taier up to v1.4.0 is affected by an improper authentication issue in the LoginInterceptor.preHandle (taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java) within the Source Connection Test Endpoint. The vulnerability can be abused remotely; public ...

7.5CVSS6.7AI score0.00401EPSS
Exploits0References7
Rows per page
Query Builder