CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

123 matches found

DEBIAN-CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00029EPSS

Exploits0References1

Snyk•added 2026/05/27 9:35 p.m.•8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the AuthorizedKeysFile %u token. An attacker can gain unauthorized SSH authentication by supplying a specially crafted username containing path traversal sequences, allowing the server to read an...

7.7CVSS6.3AI score0.00221EPSS

Exploits0References2

NVD•added 2026/05/13 10:16 p.m.•9 views

CVE-2026-44195

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...

6.5CVSS0.00318EPSS

Exploits1References2

CVE•added 2026/05/13 9:52 p.m.•19 views

CVE-2026-44195

OPNsense (FreeBSD-based firewall) prior to 26.1.7 contains a logic flaw in the lockout_handler that allows an unauthenticated attacker to repeatedly reset the authentication failure counter for their IP. By inserting a crafted username containing a success keyword (e.g., “Accepted” or “Successful...

6.5CVSS5.8AI score0.00318EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/13 9:52 p.m.•6 views

CVE-2026-44195 OPNsense: Authentication lockout bypass

5.3CVSS5.8AI score0.00318EPSS

Exploits1References1

ATTACKERKB•added 2026/05/13 9:52 p.m.•9 views

CVE-2026-44195

5.3CVSS5.8AI score0.00318EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/05/13 12:0 a.m.•11 views

PT-2026-40828

Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.7 Description A logic flaw in the lockout handler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a...

5.3CVSS5.8AI score0.00318EPSS

Exploits1References5

RedhatCVE•added 2026/05/07 12:0 p.m.•11 views

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.00862EPSS

Exploits0References3

NVD•added 2026/04/30 7:16 p.m.•5 views

CVE-2026-7461

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

7.5CVSS0.00547EPSS

Exploits0References3

CVE•added 2026/04/30 6:35 p.m.•19 views

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...

7.5CVSS5.7AI score0.00547EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/29 7:24 p.m.•3 views

EUVD-2018-21822

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

8.6CVSS6.4AI score0.00157EPSS

Exploits0References3

Vulnrichment•added 2026/04/29 7:24 p.m.•5 views

CVE-2018-25301 Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow

8.6CVSS6.5AI score0.00157EPSS

Exploits0References3

CVE•added 2026/03/30 11:2 a.m.•11 views

CVE-2018-25235

NetworkActiv Web Server 4.0 contains a local, username-field buffer overflow in the Security options. The vulnerability is triggered by supplying an excessively long string via the Set username interface, causing the application to crash (DoS). The available documents confirm the affected compone...

6.9CVSS6.1AI score0.00221EPSS

Exploits1References4Affected Software1

RedhatCVE•added 2026/03/26 2:57 p.m.•2 views

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.4AI score0.00151EPSS

Exploits0References1

Positive Technologies•added 2026/03/13 12:0 a.m.•8 views

PT-2026-25355

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.1 Description SFTPGo is an open source, event-driven file transfer solution. Versions of SFTPGo before 2.7.1 contain an input validation issue when handling dynamic group paths, such as home directories or key...

9.9CVSS7.1AI score0.22162EPSS

Exploits68References135

EUVD•added 2026/03/11 9:31 p.m.•4 views

EUVD-2019-19737

8.6CVSS6.3AI score0.00151EPSS

Exploits0References3