Lucene search
K

161622 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47346

Name of the Vulnerable Software and Affected Versions AdGuard Home versions prior to 0.107.77 Description When started with the --glinet flag, the software contains an authentication bypass that allows unauthenticated attackers to gain full administrative access. This occurs due to unsanitized...

9.4CVSS5.7AI score0.00542EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.6 views

CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. RFC 4513 Section 5.1.2 defines this as an unauthenticated bind. On LDAP servers that permit such binds, an attacker with a valid usernam...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.9 views

PT-2026-47578

internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...

7.1CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.11 views

PT-2026-47623

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.1 Description The handleGetAuditLog function in internal/api/audit.go fails to perform an administrative privilege check. While the endpoint is protected by bearer authentication, any valid operator API key...

7.1CVSS5.9AI score0.00043EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47229

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrency code parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References4
Amazon
Amazon
added 2026/06/08 12:0 a.m.17 views

Important: runfinch-finch

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

10CVSS5.8AI score0.005EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2026/06/08 12:0 a.m.34 views

VulnCheck KEV: CVE-2026-42271

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...

8.8CVSS5.6AI score0.80188EPSS
In wildExploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/06/08 12:0 a.m.26 views

VulnCheck KEV: CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.71051EPSS
In wildExploits5References4
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

OpenBullet2 安全漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass vulnerability in the API key authentication middleware,...

9.8CVSS5.5AI score0.01509EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.8 views

389 Directory Server 资源管理错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a resource management vulnerability in 389 Directory Server, which stems from the Content Synchronization persistent search plugin allowing unlimited memory...

6.5CVSS5.3AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication and permission checks at the OpenAI Assistants Vector Store...

8.8CVSS5.3AI score0.00327EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

OfflineIMAP 安全漏洞

OfflineIMAP is an open-source Python utility designed for synchronizing emails with IMAP servers. Versions of OfflineIMAP prior to 8.0.3 contained a security vulnerability. This vulnerability stemmed from the STARTTLS feature, which allowed trust in the server before authentication. This could le...

6.5CVSS5.3AI score0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the tpmdevrelease function not properly releasing the authentication session using kfreesensitive,...

5.4AI score0.00168EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Important: libpq

Issue Overview: Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores...

8.8CVSS5.8AI score0.00558EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Important: tomcat10

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8CVSS6.4AI score0.01339EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/08 12:0 a.m.12 views

Check Point Security Gateway Improper Authentication Vulnerability

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.71051EPSS
In wildExploits5
FreeBSD
FreeBSD
added 2026/06/08 12:0 a.m.70 views

caddy -- multiple vulnerabilities

Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory GHSA-qrp7-cvwr-j2c6 reports: Windows-encoded backslashes in request paths could bypass path-scoped authorization rules before files are served by fileserver. GitHub Security Advisory GHSA-f59h-q822-g45g...

8.1CVSS5.2AI score0.00409EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.13 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1770)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1770 advisory. Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...

9.8CVSS6.5AI score0.01339EPSS
Exploits2References16
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

TencentOS Server 4: storm (TSSA-2026:0414)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0414 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS5.5AI score0.00286EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.8 views

Amazon Linux 2 : libssh2, --advisory ALAS2-2026-3329 (ALAS-2026-3329)

The version of libssh2 installed on the remote host is prior to 1.4.3-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3329 advisory. A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the...

9.1CVSS7.3AI score0.00466EPSS
Exploits0References4
Rows per page
Query Builder