CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

273 matches found

NVD•added 2026/03/13 7:54 p.m.•4 views

CVE-2026-31882

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication DAGUAUTHMODE=basic, all Server-Sent Events SSE endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...

7.5CVSS0.00778EPSS

Exploits1References4

Tenable Nessus•added 2026/03/04 12:0 a.m.•4 views

Debian dla-4494 : liborthancframework-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4494 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4494-1 [email protected] https://www.debian.org/lts/security/...

5.7CVSS5.8AI score0.00408EPSS

Exploits0References4

ATTACKERKB•added 2026/02/20 4:0 p.m.•5 views

CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

7.5CVSS5.5AI score0.00242EPSS

Exploits0References3

Debian CVE•added 2026/02/18 10:59 p.m.•5 views

CVE-2025-15581

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access...

5.7CVSS5.2AI score0.00408EPSS

Exploits0

RedhatCVE•added 2026/01/09 10:10 a.m.•6 views

CVE-2019-11367

An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...

9.8CVSS7.1AI score0.0282EPSS

Exploits5References1