25 matches found
CVE-2026-41263
A flaw was found in Traefik. A remote attacker can exploit a timing side-channel vulnerability in Traefik's BasicAuth middleware. This flaw allows an attacker to enumerate valid usernames by observing differences in authentication response times. The vulnerability arises because a constant-time...
EUVD-2017-2925
Malware in sbrugna...
CVE-2025-6527
A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The complexity of an attack is...
CVE-2025-21605
A flaw was found in the Redis server. This flaw allows an unauthenticated client to cause an unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients see client-output-buffer-limit...
CVE-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...
PT-2024-32675 · Pomerium
Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to 0.27.1 Description: Pomerium is an identity and context-aware access proxy. The Pomerium databroker service manages all persistent Pomerium application state. Requests to the databroker service API are authorized by...
A zero-day guide for 2020: Recent attacks and advanced preventive techniques
Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and...
Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass (cisco-sa-20180926-macsec)
According to its self-reported version, Cisco IOS XE Software is affected by an authentication bypass vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality due to a logic error. An unauthenticated, adjacent attacker c...
Authentication flaw
A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected...
CVE-2018-15372
Cisco IOS XE Software MACsec MKA using EAP-TLS authentication contains a logic error that can let an unauthenticated adjacent attacker pass traffic through a Layer 3 interface configured for MACsec MKA in access-session closed mode, bypassing 802.1x controls. Affected components, impact, and expl...
CVE-2018-15372 Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass Vulnerability
A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected...
CVE-2017-11291
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls...
Server-Side Request Forgery (SSRF)
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls...
CVE-2017-11291
Adobe Connect 9.6.2 and earlier is affected by CVE-2017-11291, a Server-Side Request Forgery (SSRF) vulnerability that could bypass network access controls. The issue is documented across multiple sources: the NVD entry for CVE-2017-11291 (CVSS v3: 10.0, NETWORK, HIGH impact on confidentiality/i...
Adobe Connect Multiple Vulnerabilities (APSB17-35)
Adobe Connect is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:connect"; ifdescription...
The CIS Critical Security Controls Explained - Control 2: Inventory of Authorized and Unauthorized Software
As I mentioned in our last post, the 20 critical controls are divided into System, Network, and Application families in order to simplify analysis and implementation. This also allows partial implementation of the controls by security program developers who aren't building a program from scratch,...
Working Resources BadBlue 1.7.x/2.x Unauthorized Proxy Relay Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11030/info BadBlue is prone to a vulnerability that may let the application be abused as a proxy. This vulnerability presents itself due to the 'Pass Thru' function allowing the server to be used as a proxy. This could be...
Microsoft Windows Print Spooler CVE-2012-1851 Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler service. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the complete compromise of affected computers. Technologies Affected: ...