161622 matches found

Vulnrichment
added 2026/06/08 11:7 a.m. | 12 views

CVE-2026-50751 User Authentication Bypass in VPN Remote Access and Mobile Access

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

AI score 5.9 | EPSS 0.71051
Exploits: 5 | References: 1

Cvelist
added 2026/06/08 11:0 a.m. | 44 views

CVE-2026-50752 Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

CVSS 7.4 | EPSS 0.04859
Exploits: 0 | References: 1

EUVD
added 2026/06/08 11:0 a.m. | 12 views

EUVD-2026-35046

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

CVSS 7.4 | AI score 5.8 | EPSS 0.04859
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/08 10:33 a.m. | 11 views

CVE-2026-3198

A flaw was found in MLflow. When configured with basic authentication, MLflow fails to enforce proper authorization checks for several Gateway API list endpoints. This oversight allows any authenticated user, regardless of their assigned permissions, to enumerate sensitive information such as...

CVSS 6.5 | AI score 6.5 | EPSS 0.00244
Exploits: 1 | References: 4

GithubExploit
added 2026/06/08 9:11 a.m. | 76 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433 Exploit Windows Compatible Erlang/OTP SSH Un...

CVSS 10 | AI score 8.8 | EPSS 0.97673
Exploits: 36

GithubExploit
added 2026/06/08 9:9 a.m. | 60 views

Exploit for Improper Authentication in Wordpress

CVE-2008-1930 Exploitation Documentation Guide Document In...

CVSS 7.5 | AI score 5.5 | EPSS 0.05001
Exploits: 2

SUSE Linux
added 2026/06/08 8:53 a.m. | 7 views

Security update for memcached

This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...

CVSS 8.1 | AI score 5.5 | EPSS 0.01312
Exploits: 0 | References: 8

OSV
added 2026/06/08 8:52 a.m. | 7 views

SUSE-SU-2026:2293-1 Security update for memcached

This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...

CVSS 8.1 | AI score 5.5 | EPSS 0.01312
Exploits: 0 | References: 5

SUSE Linux
added 2026/06/08 8:51 a.m. | 7 views

Security update for memcached

This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...

CVSS 8.1 | AI score 5.5 | EPSS 0.01312
Exploits: 0 | References: 8

OSV
added 2026/06/08 8:51 a.m. | 5 views

SUSE-SU-2026:2292-1 Security update for memcached

This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...

CVSS 8.1 | AI score 5.5 | EPSS 0.01312
Exploits: 0 | References: 5

NCSC
added 2026/06/08 8:31 a.m. | 20 views

Vulnerabilities present in IBM Aspera High-Speed Transfer Endpoint and Server

IBM has identified vulnerabilities in the IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1. These vulnerabilities reside in the asperahttpd component of the IBM Aspera High-Speed Transfer Endpoint and Server products. A buffer overflow can lead to...

CVSS 9.8 | AI score 6.1 | EPSS 0.0058
Exploits: 0 | References: 1

OSV
added 2026/06/08 7:22 a.m. | 8 views

ROOT-APP-PYPI-CVE-2026-41425 CVE-2026-41425 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-41425 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

CVSS 5.4 | AI score 5.8 | EPSS 0.00106
Exploits: 1

Positive Technologies
added 2026/06/08 12:0 a.m. | 14 views

PT-2026-47340

Name of the Vulnerable Software and Affected Versions OpenBullet2 versions prior to 0.3.3 Description An authentication bypass exists in the API key authentication middleware. Unauthenticated attackers can gain administrative access to the admin console and all API endpoints by providing an empty...

CVSS 9.8 | AI score 5.3 | EPSS 0.01509
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/08 12:0 a.m. | 12 views

PT-2026-47429

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.4.0 Devolutions Server versions prior to 2026.1.20.0 Description Improper neutralization of special elements in the built-in PAM Privileged Access Management provider password rotation templates allows an...

CVSS 6.5 | AI score 5.7 | EPSS 0.00196
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/08 12:0 a.m. | 19 views

PT-2026-47329

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

CVSS 7.1 | AI score 5.5 | EPSS 0.00271
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/08 12:0 a.m. | 12 views

PT-2026-47308

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...

CVSS 9 | AI score 8.4 | EPSS 0.00466
Exploits: 0 | References: 7

Amazon
added 2026/06/08 12:0 a.m. | 11 views

Medium: libssh2

Issue Overview: A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name ...

CVSS 7.5 | AI score 7 | EPSS 0.00466
Exploits: 0

Snyk
added 2026/06/08 12:0 a.m. | 6 views

Direct Request ('Forced Browsing')

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

CVSS 8.2 | AI score 5.4 | EPSS 0.00313
Exploits: 0 | References: 2

Snyk
added 2026/06/08 12:0 a.m. | 6 views

Incorrect Implementation of Authentication Algorithm

Overview org.springframework.ldap:spring-ldap-core is a maven plugin for LDAP for Spring. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via LDAP authentication handling in DirContextAuthenticationStrategy implementations. An attacker can...

CVSS 8.9 | AI score 5.5 | EPSS 0.00257
Exploits: 0 | References: 2

Amazon
added 2026/06/08 12:0 a.m. | 10 views

Important: tomcat9

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

CVSS 9.8 | AI score 6.4 | EPSS 0.01339
Exploits: 2