
39 matches found

Tenable Nessus
added 2026/06/05 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted...

4.3 CVSS · 5.5 AI score · 0.00182 EPSS
Exploits 0 · References 2

OSV
added 2026/06/04 11:17 p.m. · 5 views

DEBIAN-CVE-2026-11135

Insufficient policy enforcement in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS · 5.5 AI score · 0.00201 EPSS
Exploits 0 · References 1

Github Security Blog
added 2026/05/05 8:32 p.m. · 12 views

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...

8.8 CVSS · 6.2 AI score · 0.00488 EPSS
Exploits 0 · References 5 · Affected Software 1

Tenable Nessus
added 2026/01/15 12:0 a.m. · 3 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-002948)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002948 advisory. An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jumped over the stack...

7.4 CVSS · 7.6 AI score · 0.05186 EPSS
Exploits 3 · References 28

RedhatCVE
added 2026/01/01 3:32 p.m. · 5 views

CVE-2025-63022

Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Like Page: from n/a through = 1.5.3...

5.3 CVSS · 5.9 AI score · 0.00176 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-32416

Malicious code in bioql PyPI...

9.8 CVSS · 7.6 AI score · 0.00801 EPSS
Exploits 1 · References 8

Tenable Nessus
added 2025/08/21 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-5069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed...

6.1 CVSS · 6.7 AI score · 0.01179 EPSS
Exploits 0 · References 2

NVD
added 2025/08/19 7:15 p.m. · 7 views

CVE-2025-55734

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...

6.9 CVSS · 0.00341 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/05/23 2:22 a.m. · 8 views

CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

5.3 CVSS · 6.7 AI score · 0.00685 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2024/11/25 12:0 a.m. · 5 views

The vulnerability of TOTOLINK A3300R router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to bypass security restrictions and change Wi-Fi passwords.

The vulnerability of TOTOLINK A3300R router microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and change the Wi-Fi password by resetting it on the /wizard.html or...

7.8 CVSS · 7.2 AI score · 0.00537 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2024/06/10 12:0 a.m. · 6 views

PT-2024-20521 · WordPress · Wps Hide Login

Name of the Vulnerable Software and Affected Versions: WPS Hide Login plugin for WordPress versions up to, and including, 1.9.15.2 Description: The issue is related to a bypass that allows attackers to discover hidden login pages when the action parameter is set to postpass. This makes it possibl...

5.3 CVSS · 6.1 AI score · 0.01235 EPSS
Exploits 1 · References 8

Positive Technologies
added 2024/02/08 12:0 a.m. · 7 views

PT-2024-15945 · WordPress · Simple Page Access Restriction

Name of the Vulnerable Software and Affected Versions: Simple Page Access Restriction plugin for WordPress versions up to, and including, 1.0.21 Description: The issue allows unauthenticated attackers to bypass page restrictions and view page content via the REST API. This is possible due to...

5.3 CVSS · 6.2 AI score · 0.00482 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2023/11/17 6:15 a.m. · 3 views

CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

5.3 CVSS · 6 AI score · 0.00685 EPSS
Exploits 0 · References 8

OSV
added 2023/11/17 6:15 a.m. · 4 views

DEBIAN-CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

5.3 CVSS · 5.7 AI score · 0.00685 EPSS
Exploits 0 · References 1

CNNVD
added 2023/11/17 12:0 a.m. · 5 views

openNDS Security Vulnerabilities

openNDS is a high-performance, small footprint portal system from openNDS open source. A security vulnerability exists in versions prior to openNDS 10.1.2 that originates from allowing a user to skip the startup page sequence when the default FAS key is used and OpenNDS is configured for FAS...

5.3 CVSS · 6.7 AI score · 0.00685 EPSS
Exploits 0 · References 8

OSV
added 2023/03/07 10:15 p.m. · 1 views

UBUNTU-CVE-2023-1224

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS · 6.2 AI score · 0.00444 EPSS
Exploits 0 · References 5

Vulnrichment
added 2023/01/02 12:0 a.m. · 12 views

CVE-2021-30558

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chrome security severity: Medium...

8 AI score · 0.11494 EPSS
Exploits 1 · References 2

Prion
added 2022/11/30 12:15 a.m. · 18 views

Design/Logic Flaw

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS · 4.8 AI score · 0.0054 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2022/11/03 12:0 a.m. · 16 views

CVE-2022-38168

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification...

9.5 AI score · 0.01068 EPSS
Exploits 1 · References 1

Debian CVE
added 2021/03/09 5:46 p.m. · 19 views

CVE-2021-21172

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page...

8.1 CVSS · 8.2 AI score · 0.0165 EPSS
Exploits 1