
22 matches found

CVE
added yesterday · 6 views

CVE-2026-58446

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

CVSS 6.9 · AI score 5.8
Exploits: 0 · References: 5
CVE
added 6 days ago · 12 views

CVE-2026-2815

The CVE affects Silicon Labs’ EFR32xG27 devices. Issue: Incorrect use of the PUF key for user key generation leads to predictable keys. This is tied to a CVSS 4.0 base score of 8.4 (HIGH) with adjacent access, low attack complexity, no authentication, and user interaction not required. The vulner...

CVSS 8.4 · AI score 5.8 · EPSS 0.00159
Exploits: 0 · References: 2
Cvelist
added 6 days ago · 31 views

CVE-2026-2815 Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

CVSS 8.4 · EPSS 0.00159
Exploits: 0 · References: 2
Snyk
added 2026/05/28 4:50 p.m. · 12 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication when decoding JSON Web Tokens. An attacker can forge valid tokens by supplying a public key as the secret for the HMAC algorithm when both asymmetric and HMAC algorithms are supported. PoC python from jwt.apijws...

CVSS 8.8 · AI score 5.8 · EPSS 0.00379
Exploits: 1 · References: 2
Debian CVE
added 2026/05/28 3:09 p.m. · 9 views

CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing an attacker to use the issuer public key as the...

CVSS 7.4 · AI score 5.8 · EPSS 0.00379
Exploits: 1
OSV
added 2025/11/20 2:06 p.m. · 5 views

CLSA-2025-1763647564 xorg-x11-server-Xwayland: Fix of 3 CVEs

CVE-2024-0409: fix incorrect cursor private key usage in Xwayland/Xephyr that caused XSELINUX devPrivates corruption - CVE-2025-26597: fix buffer overflow in XkbChangeTypesOfKey by properly resizing key syms and actions when nGroups is zero - CVE-2025-26594: fix root cursor lifetime handling to...

CVSS 7.8 · AI score 7.3 · EPSS 0.00474
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2018-18912

Malware in sbrugna...

CVSS 5.3 · AI score 6.9 · EPSS 0.02759
Exploits: 0 · References: 15
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-25874

Malicious code in bioql PyPI...

CVSS 6.3 · AI score 4.8 · EPSS 0.00141
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2022-25250

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 5.2 · EPSS 0.0061
Exploits: 0 · References: 2
CNNVD
added 2025/08/27 12:00 a.m. · 3 views

Fuso security vulnerability

Fuso is a small volume, fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption A small volume, fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports...

CVSS 6.3 · AI score 4.8 · EPSS 0.00141
Exploits: 0 · References: 5
ATTACKERKB
added 2025/07/08 12:48 p.m. · 2 views

CVE-2025-21422

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses...

CVSS 7.8 · AI score 5.8 · EPSS 0.00088
Exploits: 0 · References: 2
Positive Technologies
added 2025/07/08 12:00 a.m. · 5 views

PT-2025-28430 · Qualcomm · Snapdragon +189

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A cryptographic issue exists while processing crypto API calls. Missing checks may lead to corrupted key usage or IV reuses. Recommendations: At the moment, there is no information about a...

CVSS 7.8 · AI score 6.2 · EPSS 0.00088
Exploits: 0 · References: 4
OSV
added 2025/03/20 12:32 p.m. · 7 views

GHSA-FJCF-3J3R-78RP LiteLLM Has an Improper Authorization Vulnerability

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

CVSS 8.1 · AI score 7.3 · EPSS 0.00315
Exploits: 0 · References: 4
RedhatCVE
added 2025/02/05 12:44 a.m. · 10 views

CVE-2024-37282

It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to create new API keys that have elevated privileges...

CVSS 8.1 · AI score 6.9 · EPSS 0.00603
Exploits: 0
SUSE CVE
added 2023/02/15 4:36 a.m. · 3 views

SUSE CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and ...

CVSS 5.9 · AI score 6.9 · EPSS 0.01119
Exploits: 0 · References: 3
OSV
added 2023/01/14 2:15 a.m. · 3 views

DEBIAN-CVE-2023-22497

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

CVSS 9.1 · AI score 7.5 · EPSS 0.0068
Exploits: 1 · References: 1
Vulnrichment
added 2023/01/14 1:02 a.m. · 7 views

CVE-2023-22497 Netdata is vulnerable to improper authentication

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

CVSS 6.5 · AI score 8 · EPSS 0.0068
Exploits: 1 · References: 2
OSV
added 2022/05/24 10:17 p.m. · 37 views

GHSA-FFQJ-6FQR-9H24 Key confusion through non-blocklisted public key formats

Impact What kind of vulnerability is it? Who is impacted? Disclosed by Aapo Oksman Senior Security Specialist, Nixu Corporation. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requir...

CVSS 7.4 · AI score 6.8 · EPSS 0.012
Exploits: 0 · References: 8
OSV
added 2022/05/03 4:15 p.m. · 4 views

ALPINE-CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

CVSS 5.9 · AI score 7 · EPSS 0.01026
Exploits: 0 · References: 1
OSV
added 2022/05/03 12:00 a.m. · 1 view

UBUNTU-CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

CVSS 5.9 · AI score 6.8 · EPSS 0.01026
Exploits: 0 · References: 4