
161612 matches found

Tenable Nessus
added 2026/06/09 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2009-10007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Catalyst::Plugin::Authentication versions before 0.10027 for Perl are susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not...

CVSS 9.1 | AI score 5.5 | EPSS 0.00369
Exploits 0 | References 3
CNNVD
added 2026/06/09 12:0 a.m. | 11 views

WordPress plugin WPForms security vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a security vulnerability in the WPForms plugin. This vulnerability stems from...

CVSS 5.3 | AI score 6 | EPSS 0.00197
Exploits 0 | References 2
CNNVD
added 2026/06/09 12:0 a.m. | 8 views

Catalyst-Plugin-Authentication authorization issue vulnerability

Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10027 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the lack of automatic session ID changes after...

CVSS 9.1 | AI score 5.3 | EPSS 0.00369
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:0 a.m. | 14 views

PT-2026-47859

Name of the Vulnerable Software and Affected Versions: NETGEAR (affected versions not specified). Description: Insufficient authentication and input validation allow users connected to the local network to execute commands, which can impact product confidentiality or allow the modification of certain...

CVSS 8.3 | AI score 5.4 | EPSS 0.0027
Exploits 0 | References 27
Vulnrichment
added 2026/06/09 12:0 a.m. | 7 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

AI score 5.5 | EPSS 0.00364
Exploits 0 | References 1
Vulnrichment
added 2026/06/09 12:0 a.m. | 7 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

AI score 5.5 | EPSS 0.00268
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:0 a.m. | 14 views

PT-2026-48167

Name of the Vulnerable Software and Affected Versions: bookcars version 8.3. Description: A lack of cryptographic signature verification in the validateAccessToken function allows attackers to bypass authentication by using a forged JSON Web Token (JWT), which is a compact, URL-safe means of...

CVSS 9.8 | AI score 5.2 | EPSS 0.00268
Exploits 0 | References 3
Positive Technologies
added 2026/06/09 12:0 a.m. | 11 views

PT-2026-48173

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

AI score 5.5 | EPSS 0.00364
Exploits 0 | References 1
Vulnrichment
added 2026/06/09 12:0 a.m. | 7 views

CVE-2026-36799

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

AI score 5.9 | EPSS 0.00397
Exploits 0 | References 1
Vulnrichment
added 2026/06/09 12:0 a.m. | 7 views

CVE-2026-36820

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

AI score 5.9 | EPSS 0.00309
Exploits 0 | References 1
Vulnrichment
added 2026/06/09 12:0 a.m. | 8 views

CVE-2026-36809

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

AI score 5.9 | EPSS 0.00309
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:0 a.m. | 20 views

PT-2026-48170

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module task:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks...

AI score 5.5 | EPSS 0.00289
Exploits 0 | References 1
CVE
added 2026/06/09 12:0 a.m. | 18 views

CVE-2026-36727

CVE-2026-36727 affects bookcars version 8.3. An insecure authentication vulnerability exists in the /api/social-sign-in endpoint that allows bypassing authentication by forged JWT tokens. The issue is documented across multiple feeds (NVD, Red Hat, CVE records) with no explicit exploit details or...

CVSS 9.1 | AI score 5.5 | EPSS 0.00364
Exploits 0 | References 1
CVE
added 2026/06/09 12:0 a.m. | 17 views

CVE-2026-36721

CVE-2026-36721 affects bookcars v8.3. The root cause is a lack of cryptographic signature verification in the validateAccessToken function, which enables attackers to bypass authentication via a forged JWT token. The CVE is rated with a high impact metric (CVSS v3.1: 9.8, Critical) across confide...

CVSS 9.8 | AI score 5.5 | EPSS 0.00268
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:0 a.m. | 10 views

PT-2026-47629

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

CVSS 6.4 | AI score 5.7 | EPSS 0.00155
Exploits 0 | References 3
Cvelist
added 2026/06/09 12:0 a.m. | 34 views

CVE-2026-36724

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the moduletask:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks...

EPSS 0.00289
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:0 a.m. | 14 views

PT-2026-47830

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism. This allows an attacker to...

CVSS 9.1 | AI score 5.5 | EPSS 0.02719
Exploits 0 | References 99
Positive Technologies
added 2026/06/09 12:0 a.m. | 11 views

PT-2026-47842

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: When using the AES-OCB cipher with the one-shot EVP Cipher interface, the application-supplied initialisation vector (IV) is silently discarded. This causes every message encrypted with the sam...

CVSS 7.5 | AI score 5.6 | EPSS 0.00513
Exploits 0 | References 120
Positive Technologies
added 2026/06/09 12:0 a.m. | 14 views

PT-2026-47843

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.0 through 3.3. Description: The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data (AAD) when the ciphertext is empty, which allows for the forgery of such messages. In the...

CVSS 7.5 | AI score 5.6 | EPSS 0.00513
Exploits 0 | References 118
Positive Technologies
added 2026/06/09 12:0 a.m. | 9 views

PT-2026-47926

Name of the Vulnerable Software and Affected Versions: Windows Cryptographic Services (affected versions not specified). Description: Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally, which can affect the system. Recommendations: At...

CVSS 8.4 | AI score 5.2 | EPSS 0.00261
Exploits 0 | References 7