Lucene search
K

197 matches found

NVD
NVD
added 2026/03/27 1:16 a.m.11 views

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS0.00543EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/27 12:43 a.m.8 views

CVE-2026-33935 MyTube has Unauthenticated Account Lockout via Shared Login Attempt State

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS5.9AI score0.00543EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/27 12:43 a.m.9 views

EUVD-2026-16521

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS5.8AI score0.00543EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References1
NVD
NVD
added 2026/03/16 2:19 p.m.5 views

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.8CVSS0.0034EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/13 9:41 p.m.2 views

CVE-2026-32729 Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS5.9AI score0.0034EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/13 9:41 p.m.49 views

CVE-2026-32729 Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS0.0034EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/13 9:41 p.m.7 views

EUVD-2026-12180

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS5.9AI score0.0034EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25401

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References8
OSV
OSV
added 2026/03/04 5:21 a.m.4 views

MINI-344H-XXXC-95WH

Bulletin has no description...

8.6CVSS5.9AI score0.00532EPSS
Exploits0
Android Security Bulletins
Android Security Bulletins
added 2026/03/02 12:0 a.m.25 views

Android Security Bulletin—March 2026Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Source code patches...

9.8CVSS7.9AI score0.01068EPSS
Exploits9
Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.6 views

European Commission Cyber-Attack Response

On 30 January, the European Commission's central infrastructure managing mobile devices identified traces of a cyber-attack, which may have resulted in access to staff names and mobile numbers of some of its staff members. The Commission's swift response ensured the incident was contained and the...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/19 11:55 a.m.8 views

DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses

Just a few years ago, the cloud was touted as the "magic pill" for any cyber threat or performance issue. Many were lured by the "always-on" dream, trading granular control for the convenience of managed services. In recent years, many of us have learned often the hard way that public cloud servi...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/10 12:0 a.m.6 views

Fedora 43 : python-urllib3 (2026-724d1b1044)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-724d1b1044 advisory. 2.6.3 2026-01-07 - Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were...

8.9CVSS7.3AI score0.02667EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.4 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS6.7AI score0.00244EPSS
Exploits1References1
NVD
NVD
added 2026/01/08 6:16 p.m.7 views

CVE-2026-22233

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5CVSS0.00207EPSS
Exploits0References3
OSV
OSV
added 2026/01/08 6:16 p.m.5 views

CVE-2026-22233

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.4CVSS5.8AI score0.00207EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/08 5:11 p.m.8 views

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5CVSS6.3AI score0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/08 5:11 p.m.25 views

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5CVSS0.00207EPSS
Exploits0References3
ICS
ICS
added 2026/01/08 4:36 p.m.10 views

OPEXUS eCASE

RISK EVALUATION OPEXUS eCASE Audit contains multiple vulnerabilities. An authenticated attacker could bypass authorization or inject JavaScript that could be executed in the context of other users. 2. RECOMMENDED PRACTICES Update to eCase Audit v11.14.2.0 and eCase Platform v11.14.1.0. 3...

7.6CVSS6.7AI score0.00285EPSS
Exploits0References1
Rows per page
Query Builder