Lucene search
K

58537 matches found

EUVD
EUVD
added 5 days ago9 views

EUVD-2026-41507

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

6AI score0.00479EPSS
Exploits1References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41458

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-13728

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 6 days ago17 views

CVE-2026-13768

CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...

10CVSS6AI score0.00559EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago39 views

CVE-2026-13728 WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential Database

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 6 days ago19 views

CVE-2026-13728

WatchGuard Fireware OS on a FireCluster is affected by CVE-2026-13728. Affected versions include Fireware OS 12.1 through 12.12, and 2025.1 through 2026.2. In exception circumstances, an embedded encryption key is used to encrypt saved credentials for Access Portal resources, which constitutes th...

5.9CVSS5.7AI score0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-13728

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00162EPSS
Exploits0References2Affected Software1
NVD
NVD
added 6 days ago6 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 6 days ago5 views

CVE-2026-59092

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS0.00266EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-58466

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS0.00505EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-58466 AutoBangumi < 3.2.8 - Hard-coded Default Credentials via add_default_user()

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS0.00505EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41435

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS5.8AI score0.00505EPSS
Exploits0References4
CVE
CVE
added 6 days ago11 views

CVE-2026-58466

AutoBangumi prior to version 3.2.8 contains a hard-coded default-credentials vulnerability. When the users table is empty, a default administrator account is seeded at startup via add_default_user() in the database user module, allowing unauthenticated attackers to authenticate as admin by submit...

9.8CVSS5.8AI score0.00505EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-58466

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS5.8AI score0.00505EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-59095 LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS0.00235EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41426

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 6 days ago11 views

CVE-2026-59095

CVE-2026-59095 affects LobeChat prior to 2.2.10-canary.18. It is a server-side request forgery (SSRF) vulnerability where authenticated attackers can supply input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints that use the global fetch without the...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59092 JuiceFS - Authentication Bypass via pprof and metrics Endpoints

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS0.00266EPSS
Exploits0References4
CVE
CVE
added 6 days ago10 views

CVE-2026-59092

JuiceFS

7.7CVSS5.9AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59092

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS5.9AI score0.00266EPSS
Exploits0References5
Rows per page
Query Builder