Lucene search
K

161621 matches found

NVD
NVD
added 2026/06/08 4:16 p.m.10 views

CVE-2026-11523

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...

9CVSS0.00466EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 4:16 p.m.8 views

CVE-2020-37248

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...

6.5CVSS0.00186EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/08 4:12 p.m.18 views

CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:12 p.m.36 views

CVE-2026-41448 AdGuard Home Authentication Bypass via Path Traversal in Admin-Token Cookie

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS0.00542EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:12 p.m.9 views

CVE-2026-41448

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 4:12 p.m.13 views

EUVD-2026-35126

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence in the Admin-Token cookie, exploiting unsanitized string concatenation in the token file path...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 4:12 p.m.30 views

CVE-2026-41448

CVE-2026-41448 affects AdGuard Home when started with --glinet. The vulnerability stems from unsanitized path construction in the authglinet middleware, enabling an authentication bypass via a crafted path traversal sequence in the Admin-Token cookie/header, yielding unauthenticated full admin ac...

9.4CVSS5.6AI score0.00542EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:46 p.m.58 views

CVE-2026-46291

CVE-2026-46291 concerns the Linux kernel crypto/caam path: hash_digest_key may dump sensitive HMAC key bytes when CONFIG_DYNAMIC_DEBUG is enabled. The fix redirects dumps to print_hex_dump_devel() to prevent leaking secrets at runtime. Affected behavior is that dynamic debugging could reveal HMAC...

5.4AI score0.00177EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:41 p.m.10 views

EUVD-2026-35148

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 3:41 p.m.19 views

CVE-2026-46283

The CVE concerns the Linux kernel TPM driver: tpm_dev_release() frees the chip->auth structure with plain kfree(), leaving sensitive material (HMAC session keys, nonces, passphrase data) in freed memory. Other code paths scrub before free via kfree_sensitive(), so this path risks leaking sensi...

5.5AI score0.00168EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:30 p.m.6 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.4CVSS6.5AI score0.0082EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/08 3:30 p.m.46 views

CVE-2026-46442

Flowise (prior to 3.1.2) is affected by authenticated remote code execution via POST /api/v1/node-custom-function when E2B_APIKEY is not configured. The endpoint lacks route-level authorization, allowing authenticated users/API keys to submit arbitrary JavaScript to Custom JS Function, which is e...

9.9CVSS6.5AI score0.0082EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:29 p.m.8 views

CVE-2026-46440 Flowise: Basic Auth Credentials Exposed via API

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

7.5CVSS7.1AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:29 p.m.11 views

EUVD-2026-35107

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

7.5CVSS7.1AI score0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:29 p.m.42 views

CVE-2026-46440 Flowise: Basic Auth Credentials Exposed via API

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

7.5CVSS0.00251EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/06/08 3:27 p.m.6 views

Security update for postgresql17

This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References46
OSV
OSV
added 2026/06/08 3:27 p.m.8 views

SUSE-SU-2026:2303-1 Security update for postgresql17

This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References23
SUSE Linux
SUSE Linux
added 2026/06/08 3:27 p.m.7 views

Security update for firewalld

This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

6.8CVSS5.4AI score0.00118EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 3:25 p.m.7 views

CVE-2026-46444 Flowise: Vector Store No Permission Checks

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.7CVSS5.4AI score0.00327EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:25 p.m.36 views

CVE-2026-46444

FlowiseAI’s OpenAI Assistants Vector Store endpoints (/api/v1/openai-assistants-vector-store) were vulnerable in pre-3.1.2 releases: all CRUD routes lacked authentication middleware and did not enforce permissions, allowing any authenticated user to create, update, delete, or upload files to vect...

8.8CVSS5.4AI score0.00327EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder