
820 matches found

RedhatCVE
added 2026/05/15 7:57 p.m. | 10 views

CVE-2026-41615

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...

CVSS 9.6 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 1

NVD
added 2026/05/14 6:16 p.m. | 8 views

CVE-2026-41615

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...

CVSS 9.6 | EPSS 0.00559
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/14 5:0 p.m. | 5 views

CVE-2026-41615

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...

CVSS 9.6 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2026/05/14 5:0 p.m. | 17 views

CVE-2026-41615

CVE-2026-41615 affects Microsoft Authenticator. The available documents identify an information disclosure vulnerability that could allow an unauthorized network actor to exfiltrate sensitive data from the Microsoft Authenticator component. The CVSS 3.1 score is 9.6 (CRITICAL) with Network attack...

CVSS 9.6 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/05/14 5:0 p.m. | 6 views

CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability

...

CVSS 9.6 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 1

Cvelist
added 2026/05/14 5:0 p.m. | 31 views

CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability

...

CVSS 9.6 | EPSS 0.00559
Exploits: 0 | References: 1

EUVD
added 2026/05/14 5:0 p.m. | 7 views

EUVD-2026-30342

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...

CVSS 9.6 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 1

Microsoft CVE
added 2026/05/14 2:0 p.m. | 8 views

Microsoft Authenticator Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network...

CVSS 9.6 | AI score 5.8 | EPSS 0.00559
Exploits: 0

Positive Technologies
added 2026/05/14 12:0 a.m. | 11 views

PT-2026-40974

Name of the Vulnerable Software and Affected Versions: Microsoft Authenticator, affected versions not specified. Description: Exposure of sensitive information in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network. Recommendations: At the moment, there is no...

CVSS 10 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 15

Kaspersky
added 2026/05/14 12:0 a.m. | 14 views

KLA91047 OSI vulnerability in Microsoft Apps

An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-41615 Exploitation Related products Microsoft-Authenticator-for-Android Microsoft-Authenticator-for-IOS CVE list...

CVSS 9.6 | AI score 5.7 | EPSS 0.00559
Exploits: 0 | References: 4

CNNVD
added 2026/05/14 12:0 a.m. | 11 views

Microsoft Authenticator Information Disclosure Vulnerability

Microsoft Authenticator is an application for multi-factor authentication developed by Microsoft Corporation in the United States. There is an information leakage vulnerability in Microsoft Authenticator. This vulnerability stems from the exposure of sensitive information to unauthorized...

CVSS 9.6 | AI score 5.8 | EPSS 0.00559
Exploits: 0 | References: 2

NVD
added 2026/05/13 9:16 p.m. | 8 views

CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

CVSS 8.1 | EPSS 0.00222
Exploits: 1 | References: 1

CVE
added 2026/05/13 8:12 p.m. | 14 views

CVE-2026-42602

The CVE affects opentelemetry-collector-contrib’s azureauthextension in versions 0.124.0–0.150.0. The root cause is that Authenticate performs a token equality check against a token minted by the collector’s own credential, using the client-supplied Host header to set the scope, and does not vali...

CVSS 8.1 | AI score 5.8 | EPSS 0.00222
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/05/13 8:12 p.m. | 33 views

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

CVSS 8.1 | EPSS 0.00222
Exploits: 1 | References: 1

Vulnrichment
added 2026/05/13 8:12 p.m. | 4 views

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

CVSS 8.1 | AI score 5.8 | EPSS 0.00222
Exploits: 1 | References: 1

Vulnrichment
added 2026/05/12 4:54 p.m. | 9 views

CVE-2026-44277

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via crafted requests...

CVSS 9.8 | AI score 6.2 | EPSS 0.00551
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 4:54 p.m. | 27 views

CVE-2026-44277

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via crafted requests...

CVSS 9.8 | EPSS 0.00551
Exploits: 0 | References: 1

CVE
added 2026/05/12 4:54 p.m. | 19 views

CVE-2026-44277

Affected vendor/product: Fortinet FortiAuthenticator. Versions affected: 8.0.2, 8.0.0, 6.6.0–6.6.8, 6.5.0–6.5.6. Vulnerability type: improper access control. Impact: may allow an attacker to execute unauthorized code or commands via an attack vector (not specified in the provided documents). ...

CVSS 9.8 | AI score 6.2 | EPSS 0.00551
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/05/12 3:24 p.m. | 11 views

CVE-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

AI score 5.7 | EPSS 0.00869
Exploits: 1 | References: 1

Apache Tomcat
added 2026/05/11 12:0 a.m. | 8 views

Fixed in Apache Tomcat 10.1.55

Moderate: Security constraints not correctly applied CVE-2026-43515 When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. This was fixed with commit c6213173. This issue was reported to the Tomcat securit...

CVSS 9.8 | AI score 5.8 | EPSS 0.00996
Exploits: 2 | Affected Software: 1