161620 matches found
CVE-2026-46657
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...
CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...
CVE-2026-46657
Bludit CMS prior to 3.22.0 has a vulnerability in user management: when an administrator disables a user, tokenAuth and tokenRemember in the JSON database are not invalidated. As a result, users with an existing Remember Me cookie can bypass disablement and remain authenticated. This issue impact...
CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...
EUVD-2020-31250
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...
CVE-2020-37248
OfflineIMAP prior to version 8.0.3 is affected by a STARTTLS trust issue: the client trusts the server’s STARTTLS capability before authentication, enabling man-in-the-middle attacks that can exfiltrate credentials in cleartext. This vulnerability can enable an attacker to take over the connectio...
CVE-2026-11523
The vulnerability CVE-2026-11523 affects Tenda W20E firmware version 15.11.0.6, in the Web Management Interface function formPortalAuth (file /goform/PortalAuth). Manipulating the argument gotoUrl can trigger a stack-based buffer overflow. Exploitation can be performed remotely, and a public expl...
EUVD-2026-35080
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...
SUSE-SU-2026:2301-1 Security update for mutt
This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. - CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. - CVE-2026-43861: missing check for \0 in urlpctdecode...
SUSE-SU-2026:2300-1 Security update for mutt
This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. - CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. - CVE-2026-43861: missing check for \0 in urlpctdecode...
JLSEC-2026-605
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin Faust.js versions = 1.8.7...
[SECURITY] [DSA 6329-1] tomcat11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6329-1 [email protected] https://www.debian.org/security/ Markus Koschany June 08, 2026 https://www.debian.org/security/faq -...
[SECURITY] [DSA 6328-1] tomcat10 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6328-1 [email protected] https://www.debian.org/security/ Markus Koschany June 08, 2026 https://www.debian.org/security/faq -...
WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Dropshipping versions = 5.2.4...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-42271link is external BerriAI LiteLLM Command Injection Vulnerability CVE-2026-50751link is external Check Point Security Gateway Improper Authentication...
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse
Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk...
CVE-2026-50751 User Authentication Bypass in VPN Remote Access and Mobile Access
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...
CVE-2026-50751
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...
CVE-2026-50751 User Authentication Bypass in VPN Remote Access and Mobile Access
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...