Lucene search
K

703 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-41942

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...

8.6CVSS6AI score
Exploits0References4
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-41753

An unauthenticated improper input validation vulnerability in the POST /fetchcvedata endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections...

9.2CVSS6.2AI score0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-55794

Name of the Vulnerable Software and Affected Versions cve-search affected versions not specified Description An unauthenticated improper input validation issue exists in the 'POST /fetch cve data' endpoint. A remote attacker can manipulate request parameters that control the MongoDB collection,...

9.2CVSS6.1AI score0.00349EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.8 views

CVE-2026-53632

A flaw was found in launch-editor. This component, used in Node.js to open files, can be tricked into accessing arbitrary paths, including Windows Universal Naming Convention UNC paths. When a malicious UNC path is opened, Windows automatically attempts NTLM authentication to a remote server...

5.5CVSS6AI score0.00322EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 10:47 a.m.9 views

EUVD-2026-39646

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS5.8AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS0.00073EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.7 views

EUVD-2026-38748

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.32 views

CVE-2026-56272 Flowise - Insufficient Password Salt Rounds in Bcrypt Hashing

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS0.00073EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 5:18 p.m.4 views

GHSA-V6WH-96G9-6WX3 launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:18 p.m.40 views

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49575

Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.14.1 Description The launch-editor NPM package allows the access of arbitrary paths, including Windows UNC Universal Naming Convention paths. On Windows systems, accessing a UNC path triggers an automatic NTLM...

5.5CVSS6AI score0.00322EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/12 10:44 p.m.80 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

Information Security Fundamentals — Spring 2026 Project Tot...

10CVSS6.4AI score0.97673EPSS
Exploits36
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to SINEC INS V1.0 SP2 Update 6 contained security vulnerabilities. These vulnerabilities stemmed from the use of static, hard-code...

9.8CVSS5.4AI score0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:47 p.m.37 views

CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS0.00314EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:47 p.m.7 views

CVE-2026-39908

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS5.5AI score0.00314EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 4:47 p.m.12 views

EUVD-2026-35133

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS5.5AI score0.00314EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/07 1:5 a.m.62 views

robot

Good all day, my friends, I finally finished the first versio...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/06 10:1 a.m.69 views

cyber-pentools

🔥 Cyber Pentools — All-in-One Penetration Testing Toolkit 2...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/05 9:48 a.m.82 views

Kali-setup

🛠️ kali-setup A single bash script that pulls in the 20 most-...

5.7AI score
Exploits0
Rows per page
Query Builder