Lucene search
K

89 matches found

NVD
NVD
added 2026/06/26 11:16 a.m.10 views

CVE-2026-57913

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 10:6 a.m.13 views

CVE-2026-57913

CVE-2026-57913 affects Johnson & Johnson ATMS (Audit Tracking Management System) prior to 2026-04-21, enabling viewing of meeting minutes and transcripts. The available data do not specify root cause, affected versions beyond the date, or exploitable vectors beyond unauthenticated access indicate...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:6 a.m.9 views

CVE-2026-57913

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 10:6 a.m.36 views

CVE-2026-57913

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 10:6 a.m.8 views

EUVD-2026-39644

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 p.m.13 views

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 12:46 p.m.9 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46326

Unauthenticated Local File Inclusion in Raider Spirit = 1.1.2 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46346

Unauthenticated Local File Inclusion in Wanium = 1.9.8 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
HackRead
HackRead
added 2026/05/21 4:3 p.m.16 views

Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds

Deleted Google API Keys remain active for up to 23 minutes after deletion, exposing GCP, Gemini, BigQuery, and Maps data to attackers...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/06 5:3 p.m.8 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

Product: nginx-ui Repository: 0xJacky/nginx-ui branch: dev Vulnerability Class: Authentication Bypass → Arbitrary File Write → OS Command Injection Affected Component: POST /api/restore --- 1. Vulnerability Summary nginx-ui exposes a backup restore endpoint POST /api/restore that is completely...

9.8CVSS6.1AI score0.00764EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-35731

Name of the Vulnerable Software and Affected Versions nginx-ui versions prior to 2.3.8 Description An authentication bypass exists in the backup restore functionality. During the first 10 minutes after a fresh installation or any process restart, the 'POST /api/restore' endpoint is completely...

9.8CVSS6AI score0.00764EPSS
Exploits1References20
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

Windows Service for User (S4U) Scheduled Task Persistence Schedule Trigger

This Metasploit module creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/03/11 6:37 p.m.3 views

EUVD-2026-11294

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

7.7CVSS5.9AI score0.0043EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 9:58 p.m.8 views

EUVD-2026-9499

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS6AI score0.00292EPSS
Exploits0References1
HackRead
HackRead
added 2026/02/04 10:31 a.m.8 views

Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes

Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach...

5.4AI score
Exploits0
NVD
NVD
added 2026/01/06 4:15 p.m.6 views

CVE-2020-36907

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption...

8.7CVSS0.0048EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/12/16 9:20 a.m.5 views

CVE-2025-14002 WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP One-Time Password generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

8.1CVSS6.2AI score0.00441EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/11/19 6:47 p.m.8 views

authentik's invitation expiry is delayed by at least 5 minutes

Summary In previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5 minutes because the cleanup of expired objects is scheduled to run every 5 minutes...

5.8CVSS6.9AI score0.00221EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/11/19 5:3 p.m.7 views

EUVD-2025-198187

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

5.8CVSS5.9AI score0.00221EPSS
Exploits0References4
Rows per page
Query Builder