Lucene search
K

161620 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/08 3:5 p.m.6 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:5 p.m.8 views

CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:5 p.m.24 views

CVE-2026-46657

Bludit CMS prior to 3.22.0 has a vulnerability in user management: when an administrator disables a user, tokenAuth and tokenRemember in the JSON database are not invalidated. As a result, users with an existing Remember Me cookie can bypass disablement and remain authenticated. This issue impact...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:5 p.m.40 views

CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS0.00271EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:5 p.m.10 views

EUVD-2020-31250

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 3:5 p.m.30 views

CVE-2020-37248

OfflineIMAP prior to version 8.0.3 is affected by a STARTTLS trust issue: the client trusts the server’s STARTTLS capability before authentication, enabling man-in-the-middle attacks that can exfiltrate credentials in cleartext. This vulnerability can enable an attacker to take over the connectio...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References5
CVE
CVE
added 2026/06/08 2:45 p.m.16 views

CVE-2026-11523

The vulnerability CVE-2026-11523 affects Tenda W20E firmware version 15.11.0.6, in the Web Management Interface function formPortalAuth (file /goform/PortalAuth). Manipulating the argument gotoUrl can trigger a stack-based buffer overflow. Exploitation can be performed remotely, and a public expl...

9CVSS6.2AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 2:45 p.m.12 views

EUVD-2026-35080

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...

9CVSS8.4AI score0.00466EPSS
Exploits0References6
OSV
OSV
added 2026/06/08 1:55 p.m.7 views

SUSE-SU-2026:2301-1 Security update for mutt

This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. - CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. - CVE-2026-43861: missing check for \0 in urlpctdecode...

3.7CVSS5.4AI score0.00201EPSS
Exploits0References14
OSV
OSV
added 2026/06/08 1:54 p.m.7 views

SUSE-SU-2026:2300-1 Security update for mutt

This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. - CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. - CVE-2026-43861: missing check for \0 in urlpctdecode...

3.7CVSS5.5AI score0.00201EPSS
Exploits0References14
OSV
OSV
added 2026/06/08 1:54 p.m.9 views

JLSEC-2026-605

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.5AI score0.00558EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/08 1:27 p.m.8 views

WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin Faust.js versions = 1.8.7...

8.8CVSS5.5AI score0.0029EPSS
Exploits0Affected Software1
Debian
Debian
added 2026/06/08 1:0 p.m.10 views

[SECURITY] [DSA 6329-1] tomcat11 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6329-1 [email protected] https://www.debian.org/security/ Markus Koschany June 08, 2026 https://www.debian.org/security/faq -...

9.8CVSS7AI score0.03494EPSS
Exploits4
Debian
Debian
added 2026/06/08 12:57 p.m.10 views

[SECURITY] [DSA 6328-1] tomcat10 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6328-1 [email protected] https://www.debian.org/security/ Markus Koschany June 08, 2026 https://www.debian.org/security/faq -...

9.8CVSS7AI score0.03494EPSS
Exploits4
Patchstack
Patchstack
added 2026/06/08 12:35 p.m.8 views

WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Dropshipping versions = 5.2.4...

6.5CVSS5.5AI score0.00305EPSS
Exploits0Affected Software1
CISA
CISA
added 2026/06/08 12:0 p.m.11 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-42271link is external BerriAI LiteLLM Command Injection Vulnerability CVE-2026-50751link is external Check Point Security Gateway Improper Authentication...

9.3CVSS5.7AI score0.80188EPSS
In wildExploits6References7
HackRead
HackRead
added 2026/06/08 11:34 a.m.25 views

Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse

Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk...

5.5AI score
Exploits0
Cvelist
Cvelist
added 2026/06/08 11:7 a.m.74 views

CVE-2026-50751 User Authentication Bypass in VPN Remote Access and Mobile Access

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

0.71051EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:7 a.m.9 views

CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

5.9AI score0.71051EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2026/06/08 11:7 a.m.12 views

CVE-2026-50751 User Authentication Bypass in VPN Remote Access and Mobile Access

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

5.9AI score0.71051EPSS
Exploits5References1
Rows per page
Query Builder