Lucene search
K

1120 matches found

Cvelist
Cvelist
added 4 hours ago8 views

CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS0.00031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.39 views

CVE-2026-26247 Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

0.00379EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.3 views

CVE-2026-26247 Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check...

9.1CVSS5.9AI score0.00379EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.8 views

PT-2026-55597

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software fails to correctly persist the OAuth2 PKCE S256 challenge method during the authorization process. This flaw allows for token exchange without the required verifier check. PKCE Proof Key...

9.1CVSS6.2AI score0.00379EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/01 9:6 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the realm parameter in the authentication process. An attacker can cause the client to send requests to internal network endpoints or transmit credentials over an unencrypted channel by controlling t...

3.1CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/07/01 5:16 a.m.11 views

CVE-2026-44040

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

6.5CVSS0.00283EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.36 views

CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS0.00283EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.8 views

CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:33 a.m.8 views

EUVD-2026-40879

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54477

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description The software uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. Specifically, the vncRandomBytes function seeds libc rand using a combinati...

6.5CVSS6AI score0.00283EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/29 9:20 a.m.7 views

CVE-2026-56766

A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack...

8.8CVSS6.5AI score0.01325EPSS
Exploits2References5
OSV
OSV
added 2026/06/26 11:6 a.m.3 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS6.3AI score0.02719EPSS
Exploits0References27
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.16 views

Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-b8e751787c)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b8e751787c advisory. nginx-mod-brotli: - Rebuild for 1.30.3 nginx-mod-fancyindex: - Rebuild for 1.30.3 nginx-mod-vts: - Rebuild for 1.30.3 nginx-mod-modsecurity: - Rebui...

9.2CVSS6.1AI score0.03552EPSS
Exploits4References4
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5262 HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault

HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault...

8.6CVSS5.8AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:1 p.m.4 views

CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.6CVSS6.8AI score0.01325EPSS
Exploits2References5
EUVD
EUVD
added 2026/06/25 6:1 p.m.6 views

EUVD-2026-39515

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/25 6:1 p.m.30 views

CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS0.01325EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52540

Name of the Vulnerable Software and Affected Versions Hydra versions prior to 9.7 commit 9cc84c2 Description A stack buffer overflow exists in the NTLM authentication process across the SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. The issue occurs when the software...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References6
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...

5.3CVSS0.00241EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/23 4:18 p.m.36 views

CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...

3.7CVSS0.00241EPSS
Exploits1References4
Rows per page
Query Builder