
871 matches found

Positive Technologies
added 2026/05/14 12:0 a.m., 14 views

PT-2026-41205

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.2. Description: The 'checkBasicAuth' endpoint validates credentials in plaintext using direct comparison without rate limiting. This allows attackers to perform unlimited brute-force attempts against the username an...

CVSS 9.1, AI score 7.2, EPSS 0.00251
Exploits: 0, References: 7

NVD
added 2026/04/28 11:16 a.m., 6 views

CVE-2026-3323

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

CVSS 7.5, EPSS 0.00405
Exploits: 0, References: 2

Vulnrichment
added 2026/04/28 10:24 a.m., 3 views

CVE-2026-3323 VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

CVSS 7.5, AI score 5.3, EPSS 0.00405
Exploits: 0, References: 2

EUVD
added 2026/04/28 10:24 a.m., 7 views

EUVD-2026-26030

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

CVSS 7.5, AI score 5.3, EPSS 0.00405
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/28 10:24 a.m., 9 views

CVE-2026-3323

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

CVSS 7.5, AI score 5.3, EPSS 0.00405
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/04/28 12:0 a.m., 6 views

PT-2026-35708

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

CVSS 7.5, AI score 5.3, EPSS 0.00405
Exploits: 0, References: 3

NVD
added 2026/04/27 4:16 a.m., 5 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

CVSS 6, EPSS 0.0024
Exploits: 0, References: 1

CVE
added 2026/04/27 2:54 a.m., 14 views

CVE-2026-3867

CVE-2026-3867 and CVE-2026-3868 affect Moxa’s Secure Router. CVE-2026-3867: improper ownership management may allow a low-privileged authenticated user to access a configuration file containing the hashed admin password when the config is exported, exposing sensitive information (confidentiality ...

CVSS 6, AI score 5.4, EPSS 0.0024
Exploits: 0, References: 1

Vulnrichment
added 2026/04/27 2:54 a.m., 4 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

CVSS 6, AI score 5.4, EPSS 0.0024
Exploits: 0, References: 1

EUVD
added 2026/04/27 2:54 a.m., 5 views

EUVD-2026-25756

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

CVSS 8.7, AI score 5.4, EPSS 0.00368
Exploits: 0, References: 1

Positive Technologies
added 2026/04/27 12:0 a.m., 14 views

PT-2026-35345

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

CVSS 6, AI score 5.4, EPSS 0.0024
Exploits: 0, References: 4

CNNVD
added 2026/04/15 12:0 a.m., 8 views

Apache::API::Password security vulnerability

Apache::API::Password is a password management module provided by the Apache Foundation. Versions of Apache::API::Password up to v0.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of an insecure random number generator for generating salts, which could compromis...

CVSS 7.5, AI score 5.7, EPSS 0.00572
Exploits: 0, References: 2

OSV
added 2026/04/14 2:33 p.m., 3 views

OPENSUSE-SU-2026:20533-1 Security update for pam

This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...

CVSS 4.7, AI score 5.8, EPSS 0.00265
Exploits: 0, References: 2

OSV
added 2026/04/14 1:47 p.m., 6 views

SUSE-SU-2026:21112-1 Security update for pam

This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...

CVSS 4.7, AI score 6.6, EPSS 0.00265
Exploits: 0, References: 3

OSV
added 2026/04/14 1:47 p.m., 3 views

SUSE-SU-2026:21192-1 Security update for pam

This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...

CVSS 4.7, AI score 5.8, EPSS 0.00265
Exploits: 0, References: 3

Github Security Blog
added 2026/04/14 1:6 a.m., 12 views

Kimai leaks API Token Hash via Invoice Twig Template

Summary: The Twig sandbox used for invoice templates blocks certain sensitive User methods (password, TOTP secret, etc.) via a blocklist in StrictPolicy::checkMethodAllowed. However, getApiToken and getPlainApiToken are not on the blocklist. An admin who creates an invoice template can embed calls t...

AI score 5.9
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/04/11 2:3 p.m., 6 views

OESA-2026-1834 uboot-tools security update

This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment. Security Fixes: barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the...

CVSS 8.2, AI score 5.8, EPSS 0.00108
Exploits: 0, References: 2

RedhatCVE
added 2026/03/26 3:0 p.m., 5 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2, AI score 5.8, EPSS 0.00108
Exploits: 0, References: 1

OSV
added 2026/03/20 11:16 p.m., 5 views

DEBIAN-CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2, AI score 5.7, EPSS 0.00108
Exploits: 0, References: 1

NVD
added 2026/03/20 11:16 p.m., 7 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2, EPSS 0.00108
Exploits: 0, References: 2