Lucene search
K

194 matches found

Ubuntu
Ubuntu
added 6 days ago6 views

USN-8519-1: Go Cryptography vulnerabilities

Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly handled SSH agent responses. An attacker could use this to cause a denial of service. CVE-2025-47913 Yuichi Watanabe discovered that Go Cryptography incorrectly handled SSH key exchanges. An attacker could use this to caus...

7.5CVSS6.8AI score0.00868EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.9 views

CVE-2026-35089

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS5.5AI score0.00589EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.12 views

CVE-2026-35087

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

9.3CVSS5.5AI score0.00662EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/02 12:42 p.m.15 views

USN-8365-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...

9.1CVSS5.9AI score0.00454EPSS
Exploits0
EUVD
EUVD
added 2026/05/27 3:33 p.m.15 views

EUVD-2026-32278

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

9.3CVSS5.8AI score0.00662EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:16 p.m.13 views

CVE-2026-35089

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS0.00589EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:16 p.m.10 views

CVE-2026-35087

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

9.3CVSS0.00662EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 12:42 p.m.41 views

CVE-2026-35090 Authentication Bypass in Slican telephone exchanges

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

9.3CVSS0.00625EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 12:42 p.m.21 views

CVE-2026-35090

CVE-2026-35090 describes an authentication bypass in Slican telephone exchanges, allowing an unauthenticated attacker to remotely manage the control panel by dialing a specific caller ID. The issue enables bypass of admin authentication and full access to the service protocol and configuration pa...

9.3CVSS5.9AI score0.00625EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 12:42 p.m.43 views

CVE-2026-35089 Use of Weak Credentials in Slican telephone exchanges

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS0.00589EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 12:42 p.m.10 views

CVE-2026-35089 Use of Weak Credentials in Slican telephone exchanges

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS5.8AI score0.00662EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 12:42 p.m.21 views

CVE-2026-35089

Slican telephone exchanges expose admin credentials because the secure key is generated predictably from exchange properties without authentication. CVE-2026-35089 (and CVE-2026-35087) describe an unauthenticated path to deduce the secure key and gain admin access. Remediations (per affected entr...

8.7CVSS5.8AI score0.00589EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 12:42 p.m.8 views

CVE-2026-35087 Authentication Bypass in Slican telephone exchanges

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

9.3CVSS5.8AI score0.00662EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 12:42 p.m.43 views

CVE-2026-35087 Authentication Bypass in Slican telephone exchanges

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

9.3CVSS0.00662EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 12:42 p.m.26 views

CVE-2026-35087

CVE-2026-35087 affects Slican telephone exchanges. Affected components include NCP (fixed in 1.24.0250), IPx series (6.61.0040), CCT-1668 (6.56.0430), MAC-6400 (6.56.0430), and CXS-0424 (6.30.0510). The root issue is an administrative protocol authentication bypass, enabling an attacker to bypass...

9.3CVSS5.8AI score0.00662EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43701

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

9.3CVSS5.9AI score0.00625EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:3 p.m.12 views

CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS5.8AI score0.00138EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2026/05/26 7:30 a.m.11 views

CVE-2026-9496

creationtimestamp| type| source ---|---|--- 2026-05-26 07:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116639703159350878 2026-05-26 07:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mmqhw45f252v 2026-05-26 09:05:28+00:00| seen|...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References5
HackRead
HackRead
added 2026/04/28 8:53 p.m.8 views

Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

5.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/22 8:37 p.m.16 views

Gitea has insecure default SSH settings

Summary The built-in SSH server currently advertises a number of key exchange, MAC, and host key algorithms that are considered weak or broken. The defaults should be tightened so a fresh installation passes a baseline SSH security audit out of the box. Details Running ssh-audit against a default...

5.8AI score
Exploits0References2Affected Software1
Rows per page
Query Builder