1070 matches found
CVE-2026-61503
Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and...
CVE-2026-61503
CVE-2026-61503 – Rejetto HFS : Affects HFS 3.0.0–3.2.0. The login endpoint returns observably different responses depending on whether the username exists, enabling remote, unauthenticated actors to confirm valid accounts (including the default admin) and facilitating password guessing and sessio...
CVE-2026-60001
A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...
CVE-2026-45256
When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...
CVE-2026-47182
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...
EUVD-2026-36495
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...
CVE-2026-47182 Frappe: Broken Access Control on Private Files
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...
CVE-2026-47182
Frappe (full‑stack web framework) contains a broken access control flaw in which any authenticated user could access private files by guessing the file path. Affected versions prior to 16.17.4 are vulnerable; the issue is fixed in 16.17.4. Practical impact is unauthorized access to private files,...
CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...
CVE-2026-3329
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...
CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...
EUVD-2026-36268
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...
CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...
CVE-2026-3329
CVE-2026-3329 affects Sonatype Nexus Repository. A remote unauthenticated attacker can perform credential-guessing attacks via authentication endpoints, with a CVSS v4.0 base score 8.7 (HIGH) and network exposure. The vulnerability is characterized by a lack of authentication requirements for gue...
CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. There are security vulnerabilities in Sonatype Nexus Repository. These vulnerabilities stem from authentication endpoint issue...
PT-2026-48810
Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...
PT-2026-48696
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...
CVE-2026-33212
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...
CVE-2026-25607
Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...