Lucene search
+L

874 matches found

CVE
CVE
added 2026/06/25 9:18 p.m.26 views

CVE-2026-8720

CVE-2026-8720 affects wolfSSL’s HMAC-BLAKE2 APIs (wc_Blake2bHmacFinal, wc_Blake2sHmacFinal). When the supplied key length exceeds the BLAKE2 block size, the key-hashing branch reinitializes the running hash state and discards accumulated message data, causing the MAC to depend only on the key and...

7.5CVSS5.9AI score0.00111EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 3:13 p.m.8 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 1:16 p.m.17 views

CVE-2026-56243

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforcehashedapikeys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6CVSS0.00273EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.10 views

CVE-2026-56243

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforcehashedapikeys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.36 views

CVE-2026-56243 Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforcehashedapikeys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6CVSS0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.10 views

EUVD-2026-38430

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforcehashedapikeys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 12:12 p.m.4 views

CVE-2026-56243 Capgo - Hashed API Key Enforcement Bypass via PostgREST/RLS Plane

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforcehashedapikeys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 12:12 p.m.15 views

CVE-2026-56243

Capgo before 12.128.2 has a security control bypass in the PostgREST/RLS plane: it accepts plaintext API keys via the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext keys directly to the PostgREST/RLS plane t...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Cisco Identity Services Engine (cisco-sa-ise-multi-G5WP8vv)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 5:16 p.m.13 views

CVE-2026-20190

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS0.00407EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 4:17 p.m.28 views

CVE-2026-20190 Cisco Identity Services Engine Information Disclosure Vulnerability

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:17 p.m.10 views

EUVD-2026-37749

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS5.4AI score0.00407EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50459

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Cisco ISE-PIC affected versions not specified Description Improper authorization checks when accessing a resource could allow an unauthenticated, remote attacker to view sensitive information on an...

7.5CVSS5.8AI score0.00407EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/06/16 12:57 p.m.9 views

CVE-2026-54411

A flaw was found in Linux-PAM's pamuserdb module. This vulnerability, categorized as an Observable Timing Discrepancy CWE-208, allows a local or network-adjacent attacker to recover plaintext passwords. By repeatedly attempting authentication and measuring response-timing differences during...

8.2CVSS5.2AI score0.00321EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.17 views

SUSE CVE-2026-46274

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

7CVSS5.4AI score0.00138EPSS
Exploits0References10
NVD
NVD
added 2026/06/08 4:16 p.m.11 views

CVE-2026-46274

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

7.8CVSS0.00138EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 4:16 p.m.7 views

UBUNTU-CVE-2026-46274

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

8.5CVSS5.3AI score0.00138EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 2:30 p.m.12 views

EUVD-2026-35078

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

5.4AI score0.00138EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/08 2:30 p.m.47 views

CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

7.8CVSS0.00138EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 2:30 p.m.3 views

CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References8
Rows per page
Query Builder