682 matches found

RedHat Linux
added 2026/06/10 5:38 p.m. | 5 views

keycloak: Keycloak: Denial of Service via malformed LDAP password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

CVSS 4.9 | AI score 5.5 | EPSS 0.00442
Exploits 0 | References 4

Veracode
added 2026/06/10 7:20 a.m. | 10 views

Denial Of Service

Keycloak is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of LDAP password policy responses, where a malformed response from a configured LDAP server can trigger an OutOfMemoryError during password authentication processing, causing the Keycloak JVM to termina...

CVSS 4.9 | AI score 5.5 | EPSS 0.00442
Exploits 0 | References 6 | Affected Software 1

NVD
added 2026/06/09 12:16 a.m. | 8 views

CVE-2026-11689

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVSS 8.1 | EPSS 0.0021
Exploits 0 | References 2

OSV
added 2026/06/09 12:16 a.m. | 3 views

DEBIAN-CVE-2026-11689

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVSS 8.1 | AI score 5.4 | EPSS 0.0021
Exploits 0 | References 1

CVE
added 2026/06/08 11:27 p.m. | 14 views

CVE-2026-11689

Technical details for CVE-2026-11689 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVSS 8.1 | AI score 5.4 | EPSS 0.0021
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2026/06/08 5:45 a.m. | 6 views

CVE-2026-11493

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...

CVSS 5 | AI score 5 | EPSS 0.00224
Exploits 0 | References 6 | Affected Software 1

EUVD
added 2026/06/08 5:45 a.m. | 9 views

EUVD-2026-35024

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...

CVSS 5 | AI score 5 | EPSS 0.00224
Exploits 0 | References 6

Positive Technologies
added 2026/06/08 12:0 a.m. | 6 views

PT-2026-47255

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level...

CVSS 5 | AI score 4.8 | EPSS 0.00224
Exploits 0 | References 7

Positive Technologies
added 2026/06/08 12:0 a.m. | 7 views

PT-2026-47515

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: Insufficient policy enforcement in Passwords allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted HTML page. Site isolation is ...

CVSS 9.6 | AI score 6 | EPSS 0.00713
Exploits 4 | References 81

RedhatCVE
added 2026/06/05 7:20 p.m. | 9 views

CVE-2026-41038

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading...

CVSS 8.8 | AI score 5.5 | EPSS 0.00167
Exploits 0 | References 1

Microsoft CVE
added 2026/06/05 2:0 p.m. | 7 views

Chromium: CVE-2026-11209 Insufficient policy enforcement in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 6.5 | AI score 5.4 | EPSS 0.00229
Exploits 0

CVE
added 2026/06/03 1:28 p.m. | 12 views

CVE-2026-47325

The CVE-2026-47325 entry concerns the ProjectsAndPrograms school-management-system, where passwords for students and teachers are generated solely from the user’s date of birth (e.g., 12072000), and there is no forced password change at first login. Affected status: the version tied to commit 6b6...

CVSS 6.9 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 2

Cvelist
added 2026/06/03 1:28 p.m. | 41 views

CVE-2026-47325 Weak password policy in ProjectsAndPrograms school-management-system

ProjectsAndPrograms school-management-system uses predictable credentials by generating students' and teachers' passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The application does not require or prompt users to change the password upon first login. This behavior...

CVSS 6.9 | EPSS 0.00249
Exploits 0 | References 2

NVD
added 2026/05/28 6:16 a.m. | 14 views

CVE-2026-9801

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

CVSS 4.9 | EPSS 0.00442
Exploits 0 | References 4

CVE
added 2026/05/28 4:42 a.m. | 25 views

CVE-2026-9801

CVE-2026-9801 affects Keycloak. A remote attacker with high privileges (e.g., a realm administrator configuring a malicious LDAP server or compromising an upstream LDAP server) can trigger an OutOfMemoryError by sending a malformed LDAP password policy response during authentication, causing the ...

CVSS 4.9 | AI score 5.8 | EPSS 0.00442
Exploits 0 | References 4 | Affected Software 1

ATTACKERKB
added 2026/05/28 4:42 a.m. | 10 views

CVE-2026-9801

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

CVSS 4.9 | AI score 5.8 | EPSS 0.00442
Exploits 0 | References 3

Cvelist
added 2026/05/28 4:42 a.m. | 31 views

CVE-2026-9801 Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

CVSS 4.9 | EPSS 0.00442
Exploits 0 | References 4

EUVD
added 2026/05/28 4:42 a.m. | 15 views

EUVD-2026-32718

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

CVSS 4.9 | AI score 5.8 | EPSS 0.00442
Exploits 0 | References 2

Vulnrichment
added 2026/05/28 4:42 a.m. | 9 views

CVE-2026-9801 Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

CVSS 4.9 | AI score 5.8 | EPSS 0.00442
Exploits 0 | References 4

RedhatCVE
added 2026/05/28 4:42 a.m. | 7 views

CVE-2026-9801

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

CVSS 4.9 | AI score 5.8 | EPSS 0.00442
Exploits 0 | References 3