Lucene search
+L

1486 matches found

Nuclei
Nuclei
added 4 hours ago73 views

Vue Vben Admin - Default Credentials

Vue Vben Admin 2.10.1 contains a broken authentication caused by hardcoded credentials in the backend, letting attackers log in without proper authorization, exploit requires access to the login interface. id: CVE-2025-25570 info: name: Vue Vben Admin - Default Credentials author: 0xAkoko severit...

9.8CVSS8.7AI score0.01999EPSS
Exploits0References2
Nuclei
Nuclei
added 4 hours ago45 views

AVTECH DVR - Login Verification Code Bypass

AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...

9.8CVSS8.4AI score0.13117EPSS
Exploits6References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS5.5AI score
Exploits0References1
Nuclei
Nuclei
added 2 days ago196 views

Ruijie RG-EW1200G Router Background - Login Bypass

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

8.8CVSS6.5AI score0.56147EPSS
Exploits5References5
OSV
OSV
added 3 days ago3 views

CVE-2026-55652 Wekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan allows unauthenticated full account takeover (incl. admin)

Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADERLOGINTRUSTEDIPS uses getRequestIp in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-For header before the real socket address, allowing an unauthenticated attacker to send HEADERLOGINID f...

9.8CVSS6.1AI score0.00355EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 3 days ago9 views

SUSE CVE-2025-3879

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

7.5CVSS6.7AI score0.00351EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/09 11:30 p.m.33 views

CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 5:16 p.m.25 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

7.1CVSS0.0015EPSS
Exploits1References1
NVD
NVD
added 2026/06/18 5:16 p.m.13 views

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS0.00289EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:13 p.m.28 views

CVE-2026-54106

CVE-2026-54106 affects the U.S. GAO EPDS and CBCA EDS login flow, where X-Forwarded-For headers are not validated. The underlying issue allows a remote attacker who has compromised administrator credentials to bypass network access controls and log in, potentially gaining access to restricted doc...

5.1CVSS5.3AI score0.00289EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:13 p.m.8 views

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.4AI score0.00289EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/18 4:13 p.m.12 views

EUVD-2026-37913

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.3AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50706

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

5.1CVSS5.8AI score0.00289EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.11 views

Fortra GoAnywhere Managed File Transfer (MFT) < 7.10.0 Multiple Vulnerabilities

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote host is prior to 7.10.0. It is, therefore, affected by multiple vulnerabilities, including: - The login limit is not enforced on the SFTP service if the Web User is configured...

7.3CVSS5.3AI score0.00229EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49831

Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...

7.5CVSS6.1AI score0.00387EPSS
Exploits1References14
GithubExploit
GithubExploit
added 2026/06/14 10:36 p.m.98 views

Exploit for CVE-2026-36826

CVE-2026-36826: SQL Injection in genesisQL = 1.1.1 Summar...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS before Monterey 12.4 contained security vulnerabilities. These vulnerabilities were due to consistency issues, which could allow those with access to a Mac to bypass th...

3.5CVSS5.3AI score0.00153EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 12:16 p.m.14 views

CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS0.70099EPSS
Exploits5References3
CVE
CVE
added 2026/06/08 11:7 a.m.1096 views

CVE-2026-50751

CVE-2026-50751 is a logic-flow weakness in certificate validation during the deprecated IKEv1 key exchange used by Check Point Remote Access VPN, Mobile Access, and Spark Firewall. The flaw allows an unauthenticated attacker to bypass user authentication and establish a VPN session without a vali...

9.3CVSS5.9AI score0.70099EPSS
In wildExploits5References3Affected Software1
Rows per page
Query Builder