Lucene search
K

1070 matches found

NVD
NVD
added yesterday6 views

CVE-2026-61503

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...

6.9CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-61503

CVE-2026-61503 – Rejetto HFS : Affects HFS 3.0.0–3.2.0. The login endpoint returns observably different responses depending on whether the username exists, enabling remote, unauthenticated actors to confirm valid accounts (including the default admin) and facilitating password guessing and sessio...

6.9CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-60001

A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...

6.5CVSS6AI score0.00265EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-45256

When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...

5.5CVSS0.00092EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 4:16 p.m.17 views

CVE-2026-47182

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

5.3CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:39 p.m.13 views

EUVD-2026-36495

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:39 p.m.28 views

CVE-2026-47182 Frappe: Broken Access Control on Private Files

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

5.3CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:39 p.m.21 views

CVE-2026-47182

Frappe (full‑stack web framework) contains a broken access control flaw in which any authenticated user could access private files by guessing the file path. Affected versions prior to 16.17.4 are vulnerable; the issue is fixed in 16.17.4. Practical impact is unauthorized access to private files,...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 1:19 p.m.35 views

CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

0.00319EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 6:16 p.m.13 views

CVE-2026-3329

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS0.00503EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/11 5:16 p.m.14 views

CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

6.1AI score0.00078EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/11 5:0 p.m.9 views

EUVD-2026-36268

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 5:0 p.m.9 views

CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 5:0 p.m.25 views

CVE-2026-3329

CVE-2026-3329 affects Sonatype Nexus Repository. A remote unauthenticated attacker can perform credential-guessing attacks via authentication endpoints, with a CVSS v4.0 base score 8.7 (HIGH) and network exposure. The vulnerability is characterized by a lack of authentication requirements for gue...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 5:0 p.m.28 views

CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS0.00503EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. There are security vulnerabilities in Sonatype Nexus Repository. These vulnerabilities stem from authentication endpoint issue...

8.7CVSS5.4AI score0.00503EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.25 views

PT-2026-48810

Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...

9.8CVSS6.2AI score0.00078EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48696

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

3.1CVSS5.5AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.9 views

CVE-2026-25607

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

5.7CVSS5.4AI score0.00096EPSS
Exploits0References1
Rows per page
Query Builder