Lucene search
K

882 matches found

Nuclei
Nuclei
added 16 hours ago56 views

Netmaker - Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. id: CVE-2023-32077 info: name: Netmaker - Hardcoded DNS Secret Key author: iamnoooob,rootxharsh,pdresearch...

7.5CVSS6.9AI score0.03147EPSS
Exploits0
Nuclei
Nuclei
added 16 hours ago8 views

Zoho ManageEngine - getUserAPIKey Authentication Bypass

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

7.5CVSS7.1AI score0.0793EPSS
Exploits0References3
CVE
CVE
added 2 days ago7 views

CVE-2026-55792

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

6CVSS5.8AI score0.00268EPSS
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2026-56300

Capgo before 12.128.2 contains unauthenticated security definer RPC functions getuserid and getorgpermforapikey that expose API key validity oracles and user UUID disclosure. Unauthenticated attackers using the public API key can validate leaked keys, enumerate users and apps, and determine...

8.7CVSS0.00349EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-9699

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS0.00325EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crashdump: Do not log the bytes of the dm-crypt key in readkeyfromuserkeying. When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload, thereby partially exposing the dm-crypt key. Stop loggi...

5.5CVSS5.6AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1, Linux-5.10

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections support pairing in Bluetooth Core Specification 4.2 through 5.4. However, these devices are vulnerable to certain man-in-the-middle attacks, which force the use of a short key length. This vulnerability may lead to the...

6.8CVSS6.7AI score0.01297EPSS
Exploits1References2
NVD
NVD
added 2026/06/18 6:16 a.m.13 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS0.00243EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/16 3:30 a.m.30 views

CVE-2026-6964 Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

5.3CVSS0.00323EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.30 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 4:16 p.m.14 views

CVE-2026-50086

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10CVSS0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.8 views

CVE-2026-50086 Aqara unauthenticated AES oracle

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10CVSS5.3AI score0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.28 views

CVE-2026-50086 Aqara unauthenticated AES oracle

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10CVSS0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 10:0 a.m.32 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS0.0007EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.11 views

openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX X9.42 peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

Cerebrate 安全漏洞

Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there were security vulnerabilities. These vulnerabilities stemmed from CRUD editing...

6.3CVSS5.3AI score0.00207EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/10 10:13 p.m.13 views

nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)

internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?newkey=&keyname= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the detai...

5.5AI score0.00012EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/06/09 5:19 p.m.50 views

Exploit for CVE-2026-46395

CVE-2026-46395 - HAXcms Node.js Private Key Disclosure via Bro...

9.3CVSS5.6AI score0.00295EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.8 views

CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

5.5AI score0.0035EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hexadecimal dump of the HMAC key in the caam driver, potentially leading to the exposure of t...

5.3AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder