Lucene search
K

91 matches found

NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56256

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS0.00238EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56256

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/05/26 9:1 p.m.19 views

CVE-2026-45575

The CVE concerns the epa4all-client Java client for epa4all/ePA 3.0. Before 1.2.2, an attacker who can perform a TLS man-in-the-middle between the client and the IDP within the TI network can substitute a forged discovery document. This redirects uri_puk_idp_enc and uri_puk_idp_sig to attacker-co...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References2
Circl
Circl
added 2026/05/13 3:40 p.m.13 views

CVE-2026-6177

creationtimestamp| type| source ---|---|--- 2026-05-13 15:40:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlqnb4s65q2q 2026-05-15 03:50:46+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mlugiqwy3k2a 2026-05-16 18:32:05+00:00| seen|...

7.2CVSS4.9AI score0.00493EPSS
Exploits0References3
NVD
NVD
added 2026/04/23 10:16 p.m.8 views

CVE-2026-41337

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

6.3CVSS0.00229EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 1:53 p.m.16 views

CVE-2026-31453

The CVE-2026-31453 issue affects the Linux kernel XFS path. The root cause is use-after-free-like behavior: after xfsaild_push_item() calls iop_push(), the log item could be freed if the AIL lock is dropped, allowing a freed log item to be dereferenced by tracepoints in the switch that follow. Th...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References6Affected Software1
Fedora
Fedora
added 2026/03/15 12:57 a.m.9 views

[SECURITY] Fedora 43 Update: wireshark-4.6.4-1.fc43

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

7.5CVSS5.8AI score0.00184EPSS
Exploits3
NVD
NVD
added 2026/02/15 11:15 a.m.7 views

CVE-2026-2540

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used stale rolling codes and execute a command...

8.4CVSS0.00208EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/15 11:3 a.m.5 views

CVE-2026-2540

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used stale rolling codes and execute a command...

8.4CVSS5.5AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 11:24 a.m.3 views

CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...

8.8CVSS6.4AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/23 10:38 a.m.5 views

CVE-2025-61739

Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets...

7.2CVSS6.9AI score0.00167EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/22 10:19 a.m.4 views

EUVD-2025-204703

Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets...

7.2CVSS6.4AI score0.00167EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-5735

Malware in sbrugna...

9.3CVSS8.6AI score0.01334EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-3516

Malware in sbrugna...

5.5CVSS4.9AI score0.00982EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2021-12418

Malware in sbrugna...

5.3CVSS4.5AI score0.00218EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/05/01 12:5 a.m.1037 views

WakaTime: Session Replay Attack Allows Authentication Bypass via Captured Login Responses Allowing Bypass of 429 Too many attempts for Multiple Failed Logins

Summary An attacker can bypass authentication by capturing a valid login response including session cookies/tokens and replaying it during a failed login attempt with incorrect credentials. The server fails to invalidate or validate session tokens properly, allowing unauthorized access even after...

7.1AI score
Exploits0
Circl
Circl
added 2025/04/10 8:48 a.m.8 views

CVE-2025-32227

creationtimestamp| type| source ---|---|--- 2025-04-10 08:48:56+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11210 2025-04-10 11:10:42+00:00| seen| https://t.me/cvedetector/22633...

4.3CVSS8.7AI score0.00287EPSS
Exploits0References2
OSV
OSV
added 2025/02/20 1:30 a.m.11 views

CVE-2025-1492 Uncontrolled Recursion in Wireshark

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file...

7.8CVSS5.6AI score0.0028EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.13 views

AutomationDirect DirectLogic H2-DM1E 安全漏洞

AutomationDirect DirectLogic H2-DM1E is a programmable logic controller from AutomationDirect. A security vulnerability exists in AutomationDirect DirectLogic H2-DM1E version 2.8.0 and prior versions, which stems from the presence of a session hijacking attack that allows an attacker to inject...

8.8CVSS6.8AI score0.00284EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/03 12:0 a.m.32 views

EulerOS Virtualization 2.12.1 : python-cryptography (EulerOS-SA-2024-2315)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured message...

7.5CVSS6.3AI score0.01118EPSS
Exploits0References2
Rows per page
Query Builder