Lucene search
K

4039 matches found

Nuclei
Nuclei
added 17 hours ago15 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS7AI score0.07696EPSS
Exploits2References2
Nuclei
Nuclei
added 17 hours ago85 views

ColumbiaSoft DocumentLocator - Improper Authentication

Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by...

9.8CVSS7.1AI score0.61043EPSS
Exploits0References4
Nuclei
Nuclei
added 17 hours ago32 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16668 inf...

5.3CVSS6.8AI score0.09512EPSS
Exploits5References5
Nuclei
Nuclei
added 17 hours ago42 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

5.3CVSS6.5AI score0.08851EPSS
Exploits5References5
Nuclei
Nuclei
added 19 hours ago43 views

ZenML ZenML Server - Improper Authentication

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. id: CVE-2024-25723 info:...

8.8CVSS6.8AI score0.70581EPSS
Exploits1References5
NVD
NVD
added 3 days ago6 views

CVE-2026-9695

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...

9.8CVSS0.00326EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42177

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...

9.8CVSS6AI score0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-9695 Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...

9.8CVSS0.00326EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-9695

DELMIA Apriso (releases 2020–2026) has an Improper Authentication vulnerability that could allow an attacker to gain privileged access to the server. CVSS v3.1 base score 9.8 (CRITICAL), vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. No exploit details or remediation are provided in the supplied do...

9.8CVSS6AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-37271

Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearb...

9.8CVSS0.00373EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-53483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS0.00625EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-53483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS0.00625EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42036

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS6.1AI score0.00625EPSS
Exploits0References1
CVE
CVE
added 4 days ago19 views

CVE-2026-53483

Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) by an improper authentication vulnerability. An unauthenticated attacker with remote access could exploit this to gain unauthorized access and take comp...

9.8CVSS6.1AI score0.00625EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago16 views

PT-2026-56187

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

9.8CVSS6.1AI score0.00625EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-37271

CVE-2026-37271 affects Fire-Boltt Smartwatch FB BGS001 (Firmware MOY-JS14-2.0.4). The issue is improper authentication: the device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under certain conditions, previously captured BLE packets can be r...

9.8CVSS6AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-37271

Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearb...

0.00373EPSS
Exploits0References2
OSV
OSV
added 5 days ago4 views

BIT-TOMCAT-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from...

6.5CVSS5.9AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-41847

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

6.4AI score0.00619EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/04 12:45 p.m.10 views

EUVD-2026-41672

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter.isalloweduser of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References5
Rows per page
Query Builder