25564 matches found

CVE
added 2026/03/05 4:4 p.m. | 23 views

CVE-2026-30785

RustDesk Client (through version 1.4.5) is affected by CVE-2026-30785 due to a vulnerability described as Prototype Pollution and weak password hashing in the password_security, config, and machine-uid-related code paths (hbb_common and related modules). The issue can allow Retrieve Embedded Sens...

CVSS 8.2 | AI score 6 | EPSS 0.00083
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/03/05 1:39 p.m. | 7 views

CVE-2026-27441

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

CVSS 9.8 | AI score 5.9 | EPSS 0.0031
Exploits: 0 | References: 1

OSV
added 2026/03/05 9:12 a.m. | 6 views

RLSA-2026:3476 Important: udisks2 security update

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API (CVE-2026-26104); udisks: Missing Authorization Che...

CVSS 7.1 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 3

SUSE CVE
added 2026/03/05 6:50 a.m. | 5 views

SUSE CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library...

CVSS 7.5 | AI score 5.8 | EPSS 0.00432
Exploits: 2 | References: 3

EUVD
added 2026/03/05 6:30 a.m. | 6 views

EUVD-2026-9594

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

AI score 6 | EPSS 0.00447
Exploits: 0 | References: 4

CVE
added 2026/03/05 5:34 a.m. | 14 views

CVE-2026-23767

CVE-2026-23767 concerns the ESC/POS printer control language used by Seiko Epson, where there is no user authentication or command authorization, no mechanism to restrict network sources/destinations, and no encryption or integrity protection for transmitted commands. Multiple connected sources (...

CVSS 9.8 | AI score 6 | EPSS 0.00447
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/05 5:34 a.m. | 4 views

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 3

Cvelist
added 2026/03/05 5:34 a.m. | 32 views

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

EPSS 0.00447
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/05 5:34 a.m. | 4 views

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

AI score 6 | EPSS 0.00447
Exploits: 0 | References: 4

GitLab Advisory Database
added 2026/03/05 12:0 a.m. | 10 views

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials, session...

CVSS 9.8 | AI score 6 | EPSS 0.22162
Exploits: 12 | References: 7 | Affected Software: 1

CNNVD
added 2026/03/05 12:0 a.m. | 8 views

RustDesk Server PRO Security Vulnerability

RustDesk Server PRO is a set of remote desktop server management scripts developed by RustDesk’s individual developers. Versions of RustDesk Server PRO prior to 1.7.5 contained security vulnerabilities, which stemmed from the use of defective encryption algorithms. These vulnerabilities could lea...

CVSS 8.7 | AI score 5.8 | EPSS 0.00226
Exploits: 1 | References: 3

Amazon
added 2026/03/05 12:0 a.m. | 4 views

Medium: python-jwt

Issue Overview: pyjwt v2.10.1 was discovered to contain weak encryption (CVE-2025-45768). Affected Packages: python-jwt. Issue Correction: Run dnf update python-jwt --releasever 2023.10.20260302 or dnf update --advisory ALAS2023-2026-1467 --releasever 2023.10.20260302 to update your system. More...

CVSS 7 | AI score 5.8 | EPSS 0.00153
Exploits: 0

Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23215

Name of the Vulnerable Software and Affected Versions: ESC/POS (affected versions not specified). Description: ESC/POS, a printer control language developed by Seiko Epson Corporation, does not include user authentication or command authorization features. It also lacks controls to limit network...

CVSS 9.8 | AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 10

CNNVD
added 2026/03/05 12:0 a.m. | 6 views

RustDesk Security Vulnerability

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.4.5 and earlier contain security vulnerabilities. These vulnerabilities stem from th...

CVSS 8.7 | AI score 5.8 | EPSS 0.0024
Exploits: 1 | References: 3

CNNVD
added 2026/03/05 12:0 a.m. | 6 views

EPSON ESC/POS Access Control Error Vulnerability

EPSON ESC/POS is a protocol used by the Japanese company EPSON for controlling POS printers. EPSON ESC/POS has a vulnerability related to access control. This vulnerability stems from the lack of user authentication and command authorization mechanisms, no control over network communication sourc...

CVSS 9.8 | AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/05 12:0 a.m. | 8 views

PT-2026-23481

Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.3. Description: Nginx UI is a web user interface for the Nginx web server. A critical flaw exists where the '/api/backup' endpoint is accessible without authentication. When this endpoint is accessed, the server...

CVSS 10 | AI score 7.2 | EPSS 0.22162
Exploits: 12 | References: 209

Tenable Nessus
added 2026/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-3337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing...

CVSS 8.2 | AI score 6 | EPSS 0.01079
Exploits: 0 | References: 2

EUVD
added 2026/03/04 6:31 p.m. | 4 views

EUVD-2026-9413

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID. Successful exploitation allows for the delivery of...

CVSS 5.4 | AI score 5.8 | EPSS 0.00084
Exploits: 0 | References: 2

EUVD
added 2026/03/04 6:31 p.m. | 9 views

EUVD-2025-208278

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

CVSS 5.3 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 2

OSV
added 2026/03/04 5:16 p.m. | 6 views

CVE-2026-23601

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID. Successful exploitation allows for the delivery of...

CVSS 5.4 | AI score 5.7 | EPSS 0.00084
Exploits: 0 | References: 1