
Positive Technologies
added 2026/06/09 12:0 a.m. | 16 views

PT-2026-47830

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism. This allows an attacker to...

CVSS 9.1 | AI score 5.5 | EPSS 0.02719
Exploits 0 | References 99
Zero Day Initiative
added 2026/06/09 12:0 a.m. | 10 views

Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the apiuser parameter provided to the accessv2 endpoin...

CVSS 9.8 | AI score 7.8 | EPSS 0.0819
Exploits 1 | References 1
Zero Day Initiative
added 2026/06/09 12:0 a.m. | 12 views

Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dodelapikey method. The issue results from the lack of proper...

CVSS 8.8 | AI score 7.8 | EPSS 0.0819
Exploits 1 | References 1
Zero Day Initiative
added 2026/06/09 12:0 a.m. | 9 views

Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dolistapikeys method. The issue results from the lack of proper...

CVSS 7.2 | AI score 8.2 | EPSS 0.0819
Exploits 1 | References 1
RedhatCVE
added 2026/06/08 8:59 p.m. | 10 views

CVE-2026-44422

A flaw was found in FreeRDP. A malicious server can exploit a heap use-after-free or double-free vulnerability in the FreeRDP client's RDPEAR authentication-redirection path. This occurs because the RDPEAR NDR parser incorrectly handles pointer reference IDs, leading to the same heap object being...

CVSS 8.8 | AI score 6.3 | EPSS 0.00384
Exploits 1 | References 4
GithubExploit
added 2026/06/08 8:43 p.m. | 81 views

Exploit for CVE-2026-43512

CVE-2026-43512 — Apache Tomcat DIGEST Authentication Bypass...

CVSS 9.8 | AI score 7.8 | EPSS 0.01233
Exploits 1
NVD
added 2026/06/08 7:16 p.m. | 7 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

CVSS 6.5 | EPSS 0.00196
Exploits 0 | References 1
ATTACKERKB
added 2026/06/08 7:13 p.m. | 6 views

CVE-2026-49141

WACRM prior to commit 73041bf contains an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...

CVSS 7.1 | AI score 5.6 | EPSS 0.00216
Exploits 0 | References 4
RedhatCVE
added 2026/06/08 6:47 p.m. | 9 views

CVE-2020-37248

A flaw was found in OfflineIMAP. This vulnerability allows a remote attacker to perform a man-in-the-middle attack by exploiting the client's trust in the server's STARTTLS capability before authentication. This can lead to the attacker taking over the connection and extracting sensitive account...

CVSS 6.5 | AI score 5.5 | EPSS 0.00186
Exploits 0 | References 2
ATTACKERKB
added 2026/06/08 6:26 p.m. | 6 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

CVSS 6.5 | AI score 5.9 | EPSS 0.00196
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/06/08 6:26 p.m. | 31 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

EPSS 0.00196
Exploits 0 | References 1
vulnersOsv
added 2026/06/08 5:52 p.m. | 7 views

apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-41479 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted:
- apheris-auth =0.23.0
- apheris-cli =0.51.0, =1.3.0, =1.3.0b4
Source cves: CVE-2026-41479. Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

CVSS 5.4 | AI score 5.5 | EPSS 0.0016
Exploits 1
GithubExploit
added 2026/06/08 5:36 p.m. | 70 views

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061: GNU InetUtils telnetd Authentication Bypass...

CVSS 9.8 | AI score 5.7 | EPSS 0.98871
Exploits 60
IBM Security Bulletins
added 2026/06/08 5:21 p.m. | 5 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Authentication Bypass by Alternate Name CVE-2025-14777

Summary: Keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation. Vulnerability Details: CVEID: CVE-2025-14777. DESCRIPTION: A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization...

CVSS 6 | AI score 5.5 | EPSS 0.00315
Exploits 0 | Affected Software 1
CVE
added 2026/06/08 4:53 p.m. | 38 views

CVE-2026-25555

OpenBullet2 (

CVSS 9.8 | AI score 5.5 | EPSS 0.01509
Exploits 0 | References 2
EUVD
added 2026/06/08 4:53 p.m. | 11 views

EUVD-2026-35138

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

CVSS 9.8 | AI score 5.5 | EPSS 0.01509
Exploits 0 | References 2
ATTACKERKB
added 2026/06/08 4:53 p.m. | 7 views

CVE-2026-25555

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

CVSS 9.8 | AI score 5.5 | EPSS 0.01509
Exploits 0 | References 3
Vulnrichment
added 2026/06/08 4:53 p.m. | 10 views

CVE-2026-25555 OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

CVSS 9.8 | AI score 5.5 | EPSS 0.01509
Exploits 0 | References 2
Cvelist
added 2026/06/08 4:53 p.m. | 41 views

CVE-2026-25555 OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

CVSS 9.8 | EPSS 0.01509
Exploits 0 | References 2
NVD
added 2026/06/08 4:16 p.m. | 16 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

CVSS 7.1 | EPSS 0.00271
Exploits 0 | References 2