Lucene search
K

35 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-56765

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS0.00351EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42890

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS6.1AI score0.00351EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.3 views

CVE-2025-67805

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 6:36 p.m.2 views

EUVD-2025-209164

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

5.9CVSS5.9AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.23 views

CVE-2025-67805

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

5.9CVSS0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.14 views

macOS 15.x < 15.7.5 Multiple Vulnerabilities (126795)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.5. It is, therefore, affected by multiple vulnerabilities: - A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, mac...

9.3CVSS6.6AI score0.01527EPSS
Exploits4References60
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.14 views

PT-2026-25998

Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...

5.3CVSS6AI score0.00327EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/24 2:50 a.m.4 views

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

6.9CVSS5.4AI score0.00457EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/13 8:51 p.m.20 views

CVE-2026-26333

The CVE describes an unauthenticated .NET Remoting HTTP service on TCP port 8001 in VeraSMART versions prior to 2022 R1. It exposes default ObjectURIs (e.g., EndeavorServer.rem, RemoteFileReceiver.rem) and allows SOAP/binary formatters with TypeFilterLevel set to Full. An unauthenticated attacker...

10CVSS6.6AI score0.00929EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/01/21 3:31 p.m.5 views

Files or Directories Accessible to External Parties

Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the AllowPathBuilder behavior accessible via the create core API. An attacker can read...

7.1CVSS5.7AI score0.00654EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : ipa-4.6.8-5.17.0.1.el7.AXS7 (AXSA:2024-8141:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8141:06 advisory. ipa: user can obtain a hash of the passwords of all domain users and perform offline brute force CVE-2024-3183 Tenable has extracted the preceding descriptio...

8.1CVSS5.6AI score0.02053EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-40760

A vulnerability has been identified in Altair Grid Engine All versions V2026.0.0. Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes fo...

6.8CVSS6.5AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/12/24 8:15 p.m.6 views

CVE-2018-25129

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like...

7.5CVSS0.00308EPSS
Exploits1References3
NVD
NVD
added 2025/12/16 7:15 p.m.6 views

CVE-2025-14553

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

7CVSS0.00174EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/02 12:37 a.m.7 views

EUVD-2025-200106

Grav Exposes Password Hashes Leading to privilege escalation...

6.2CVSS6.6AI score0.00359EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.7 views

PT-2025-48563

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack thes...

6.2CVSS6.9AI score0.00359EPSS
Exploits1References3
CVE
CVE
added 2025/11/13 9:46 p.m.15 views

CVE-2025-64753

CVE-2025-64753 Summary : Grist-core versions prior to 1.7.7 expose the full version history and change details to users with partial read access via the /compare endpoint. Root cause: insufficient access control on document/version comparisons. Impact: disclosure of changes that may include data ...

6.5CVSS6.1AI score0.00219EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.8 views

PT-2025-44801

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...

8.8CVSS6.3AI score0.01187EPSS
Exploits0References5
CVE
CVE
added 2025/10/15 8:26 a.m.26 views

CVE-2025-11196

The CVE-2025-11196 issue affects the WordPress External Login plugin (versions up to 1.11.2). The vulnerability is due to the exlog_test_connection AJAX action lacking capability checks or nonce validation, enabling authenticated users with subscriber-level access and above to query the external ...

4.3CVSS5.2AI score0.00251EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-7026

Malware in sbrugna...

5CVSS8.6AI score0.0263EPSS
Exploits8References3
Rows per page
Query Builder