20672 matches found

Tenable Nessus
added 2026/04/30 12:0 a.m., 3 views

HP Printer Weak Password Requirement (CVE-2009-0941)

The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

CVSS 7.6, AI score 5.8, EPSS 0.0302
Exploits 0, References 2

Tenable Nessus
added 2026/04/30 12:0 a.m., 8 views

Advantech ADAM-6000 Use of Default Password (CVE-2008-5848)

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. This plugin only works with Tenable.ot. Please visit...

CVSS 10, AI score 5.8, EPSS 0.03325
Exploits 0, References 4

Github Security Blog
added 2026/04/29 10:28 p.m., 30 views

Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (0o666 for files, 0o777 for directories), leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...

CVSS 4.8, AI score 5.3, EPSS 0.00119
Exploits 0, References 3, Affected Software 1

ATTACKERKB
added 2026/04/29 5:49 p.m., 3 views

CVE-2026-26206

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

CVSS 6.5, AI score 5.4, EPSS 0.00209
Exploits 1, References 3, Affected Software 1

Veracode
added 2026/04/29 10:41 a.m., 7 views

Default Security Bypass

Spring Boot is vulnerable to Default Security Bypass. The vulnerability is due to Spring Boot's default web security being ineffective, where an application with no Spring Security configuration and relying on the default web security filter chain can allow unauthorized access to all endpoints, a...

CVSS 9.1, AI score 5.3, EPSS 0.00489
Exploits 0, References 5, Affected Software 2

RedhatCVE
added 2026/04/29 1:44 a.m., 7 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

CVSS 8.8, AI score 5.3, EPSS 0.0013
Exploits 0, References 1

Tenable Nessus
added 2026/04/29 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-42510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. CVE-2026-42510 Note that Nessus relies on...

CVSS 7.2, AI score 5.7, EPSS 0.0057
Exploits 0, References 3

Github Security Blog
added 2026/04/28 10:28 p.m., 14 views

Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary: Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up (cache poisoning-like behavior) for endpoints...

CVSS 6.5, AI score 5.3, EPSS 0.00251
Exploits 1, References 7, Affected Software 1

Snyk
added 2026/04/28 10:28 p.m., 6 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

CVSS 6.9, AI score 5.8, EPSS 0.00251
Exploits 1, References 2

OSV
added 2026/04/28 10:28 p.m., 6 views

GHSA-35HP-HQMV-8QG8 Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary: Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up (cache poisoning-like behavior) for endpoints...

CVSS 6.5, AI score 5.8, EPSS 0.00251
Exploits 1, References 7

NVD
added 2026/04/28 10:16 p.m., 13 views

CVE-2026-7306

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

CVSS 6.3, EPSS 0.00327
Exploits 0, References 6

Vulnrichment
added 2026/04/28 7:30 p.m., 5 views

CVE-2026-7306 Xuxueli xxl-job OpenAPI Endpoint OpenApiController.java hard-coded key

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

CVSS 6.3, AI score 5.1, EPSS 0.00327
Exploits 0, References 6

EUVD
added 2026/04/28 7:30 p.m., 5 views

EUVD-2026-26150

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

CVSS 6.3, AI score 5.1, EPSS 0.00327
Exploits 0, References 6

CVE
added 2026/04/28 7:30 p.m., 16 views

CVE-2026-7306

The CVE-2026-7306 entry affects Xuxueli xxl-job up to version 3.3.2, specifically the OpenAPI Endpoint code path OpenApiController.java in the xxl-job-admin module. The vulnerability arises from manipulation of the default_token argument, which leads to the use of a hard-coded cryptographic key. ...

CVSS 6.3, AI score 5.2, EPSS 0.00327
Exploits 0, References 6

Github Security Blog
added 2026/04/28 6:30 a.m., 7 views

OpenStack Ironic is Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has a console interface...

CVSS 7.2, AI score 5.9, EPSS 0.0057
Exploits 0, References 5, Affected Software 1

Snyk
added 2026/04/28 6:30 a.m., 7 views

Unsafe Dependency Resolution

Overview: ironic is an OpenStack Bare Metal Provisioning. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the ipmitool process when a non-default configuration enables a console interface. An attacker can execute unauthorized commands by leveraging access to the...

CVSS 7.5, AI score 5.9, EPSS 0.0057
Exploits 0, References 2

OSV
added 2026/04/28 6:30 a.m., 9 views

GHSA-WQPV-C3PP-3M58 OpenStack Ironic is Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has a console interface...

CVSS 6.6, AI score 5.9, EPSS 0.0057
Exploits 0, References 5

NVD
added 2026/04/28 6:16 a.m., 5 views

CVE-2026-42510

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface...

CVSS 7.2, EPSS 0.0057
Exploits 0, References 3

OSV
added 2026/04/28 6:16 a.m., 4 views

DEBIAN-CVE-2026-42510

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface...

CVSS 7.2, AI score 5.6, EPSS 0.0057
Exploits 0, References 1

OSV
added 2026/04/28 6:16 a.m., 4 views

UBUNTU-CVE-2026-42510

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface...

CVSS 7.2, AI score 5.9, EPSS 0.0057
Exploits 0, References 2