5271 matches found
CVE-2026-57288
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...
EUVD-2026-38768
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...
CVE-2026-57288
CVE-2026-57288 — Jenkins Active Directory Plugin versions up to 2.41.1 are affected. The vulnerability arises because the plugin does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, enabling unauthenticated attackers to inject LDAP w...
CURL-CVE-2026-12064 proto-default skips SSH verification
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-9616
The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
EUVD-2026-38675
The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-9616
The CVE concerns the WordPress plugin Generate Security.txt (
CVE-2026-9616 Generate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX Action
The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-47380
CVE-2026-47380 affects NocoDB. The vulnerability stems from an unknown-user sign-in path in auth.service.ts where the unknown-user branch returned without a password hash check, causing timing differences between known and unknown emails. This could enable network-positioned attackers to enumerat...
CVE-2018-20841
creationtimestamp | type | source
---|---|---
2026-06-23 14:06:21+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b21d7141-02c8-447c-954b-610dc9b2731f...
CVE-2021-39509
creationtimestamp | type | source
---|---|---
2026-06-23 14:06:18+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/eebbb5b3-1e7e-4a0c-a700-57c26308a5a3...
CVE-2024-32737
creationtimestamp | type | source
---|---|---
2026-06-23 14:06:10+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3381d2d5-7b41-475f-af53-9becd9af922a...
CVE-2024-4841
creationtimestamp | type | source
---|---|---
2026-06-23 14:06:09+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/523e02eb-754c-419a-8ef2-82f1efb21626...
EUVD-2026-38412
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX...
CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX...
CVE-2007-4428
creationtimestamp | type | source
---|---|---
2026-06-19 16:45:42+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/052a7f18-b676-4fd7-8db1-f632d9b68205...
CVE-2007-5807
creationtimestamp | type | source
---|---|---
2026-06-19 16:45:42+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4c91cf5e-2d2a-4e17-bec7-0d14f5aa0bfe
2026-06-23 14:04:18+00:00 | exploited |...
CVE-2008-1841
creationtimestamp | type | source
---|---|---
2026-06-19 16:45:42+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/482f9788-fce3-405e-a7e0-d06a21629e87
2026-06-23 14:04:17+00:00 | exploited |...
CVE-2008-5227
creationtimestamp | type | source
---|---|---
2026-06-19 16:45:41+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/285694e8-10a5-46cc-97cd-29aacc231b7e
2026-06-23 14:04:16+00:00 | exploited |...
CVE-2009-1054
creationtimestamp | type | source
---|---|---
2026-06-19 16:45:41+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/21d51942-a812-470d-bd72-318166dfbcf4
2026-06-23 14:04:16+00:00 | exploited |...