Lucene search
+L

1027 matches found

Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-15389 Inadequate access control in Sesame Time session management

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 3:16 p.m.7 views

CVE-2026-10706

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

7.5CVSS0.00303EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5359 Grafana Tempo has Inadequate Encryption Strength in github.com/grafana/tempo

Grafana Tempo has Inadequate Encryption Strength in github.com/grafana/tempo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

7.5CVSS5.9AI score0.00155EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2025-62340

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...

5.3CVSS0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 12:17 p.m.23 views

CVE-2025-62340

HCL iControl is affected by CVE-2025-62340 (Inadequate Session Timeout). The vulnerability is a failure of the web application to automatically terminate user sessions after a period of inactivity. According to the provided sources, the affected product is HCL iControl, with impact described as C...

5.3CVSS5.2AI score0.00204EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50376

Name of the Vulnerable Software and Affected Versions HCL iControl affected versions not specified Description HCL iControl is affected by an inadequate session timeout issue. This occurs when a web application fails to automatically terminate user sessions after a period of inactivity, potential...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
Redos
Redos
added 2026/06/09 12:0 a.m.9 views

ROS-20260609-73-0020

The vulnerability of the Canvas2D component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient testing for unusual or exceptional states. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

7.5CVSS5.4AI score0.00687EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 a.m.15 views

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 1:48 p.m.11 views

CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

5.9CVSS5.8AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 1:48 p.m.45 views

CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

5.9CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 1:48 p.m.14 views

CVE-2024-40684

CVE-2024-40684 affects IBM Operations Analytics – Log Analysis (versions 1.3.5.0–1.3.8.4). The root cause is weaknesses in backend authentication and session management that allow weak password policy enforcement by default, facilitating potential account compromise. Impact is described as a lack...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has security vulnerabilities, which stem from unsafe password schemes. These include improper selection of encryption algorithms, inadequate key management, or defects in code...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43321

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Inadequate content filtering within the checkAttribute methods leads to Cross-Site Scripting XSS, a condition where malicious scripts are injected into otherwise...

6.9CVSS5.8AI score0.00144EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/14 9:25 p.m.9 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to insufficient enforcement of length and entropy requirements for the JWTSECRET configuration value. An attacker can gain unauthorized access to user accounts by forging authentication tokens using we...

10CVSS5.8AI score0.00124EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/14 5:49 p.m.20 views

Inadequate Encryption Strength

github.com/enchant97/note-mark/backend is vulnerable to Inadequate Encryption Strength. The vulnerability is due to missing enforcement of minimum length and entropy requirements for the JWTSECRET value, which allows an attacker to brute-force weak secrets and forge valid JWT tokens...

10CVSS5.8AI score0.00124EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/05/04 12:0 a.m.4 views

The vulnerability of the WebAssembly component in the Firefox web browser and the Thunderbird email client, which allows a hacker to trigger a service failure

The vulnerability of the WebAssembly component in the Firefox web browser and the Thunderbird email client is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a remote attacker to cause service failures...

7.8CVSS7.1AI score0.00288EPSS
Exploits0References11Affected Software3
NVD
NVD
added 2026/04/22 2:17 p.m.11 views

CVE-2026-5749

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

8.7CVSS0.0027EPSS
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/21 12:0 a.m.15 views

[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...

6.9CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-33925

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...

8.7CVSS6.6AI score0.00449EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 5:32 p.m.3 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate authorization checks in the containerRequestHandler process. An attacker can gain unauthorized access to sensitive system information and trigger actions on systems they do not belong to b...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References2
Rows per page
Query Builder