Lucene search
K

128 matches found

NVD
NVD
added 5 hours ago5 views

CVE-2026-61501

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

6.1CVSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 8:16 p.m.7 views

DEBIAN-CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 8:16 p.m.7 views

UBUNTU-CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.12 views

PT-2026-50779

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.11.0 Description A stored cross-site scripting XSS issue exists in the web-admin HTTPS interface. An attacker can inject HTML or JavaScript by creating a TURN allocation with a crafted USERNAME value. This script...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References15
Snyk
Snyk
added 2026/05/27 9:35 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the AuthorizedKeysFile %u token. An attacker can gain unauthorized SSH authentication by supplying a specially crafted username containing path traversal sequences, allowing the server to read an...

7.7CVSS6.3AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 10:16 p.m.13 views

CVE-2026-44195

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...

6.5CVSS0.00318EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/13 9:52 p.m.8 views

CVE-2026-44195 OPNsense: Authentication lockout bypass

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...

5.3CVSS5.8AI score0.00318EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 9:52 p.m.22 views

CVE-2026-44195

OPNsense (FreeBSD-based firewall) prior to 26.1.7 contains a logic flaw in the lockout_handler that allows an unauthenticated attacker to repeatedly reset the authentication failure counter for their IP. By inserting a crafted username containing a success keyword (e.g., “Accepted” or “Successful...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:52 p.m.10 views

CVE-2026-44195

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...

5.3CVSS5.8AI score0.00318EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.18 views

PT-2026-40828

Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.7 Description A logic flaw in the lockout handler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a...

5.3CVSS5.8AI score0.00318EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/07 12:0 p.m.16 views

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References3
NVD
NVD
added 2026/04/30 7:16 p.m.8 views

CVE-2026-7461

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

7.5CVSS0.00547EPSS
Exploits0References3
CVE
CVE
added 2026/04/30 6:35 p.m.25 views

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...

7.5CVSS5.7AI score0.00547EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/29 7:24 p.m.6 views

CVE-2018-25301 Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

8.6CVSS6.5AI score0.00157EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/29 7:24 p.m.5 views

EUVD-2018-21822

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

8.6CVSS6.4AI score0.00157EPSS
Exploits0References3
CVE
CVE
added 2026/03/30 11:2 a.m.15 views

CVE-2018-25235

NetworkActiv Web Server 4.0 contains a local, username-field buffer overflow in the Security options. The vulnerability is triggered by supplying an excessively long string via the Set username interface, causing the application to crash (DoS). The available documents confirm the affected compone...

6.9CVSS6.1AI score0.00221EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.4 views

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.4AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25355

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.1 Description SFTPGo is an open source, event-driven file transfer solution. Versions of SFTPGo before 2.7.1 contain an input validation issue when handling dynamic group paths, such as home directories or key...

9.9CVSS7.1AI score0.22162EPSS
Exploits70References135
EUVD
EUVD
added 2026/03/11 9:31 p.m.6 views

EUVD-2019-19737

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.3AI score0.00151EPSS
Exploits0References3
Rows per page
Query Builder