Lucene search
K

1220 matches found

CVE
CVE
added yesterday9 views

CVE-2026-54772

CoreWCF (net.tcp/net.pipe/net.uds) prior to versions 1.8.1 and 1.9.1 is affected. An unauthenticated remote attacker can trigger premature EOF handling in the framing handshake, causing one server thread-pool worker to be pinned at 100% CPU per connection and potentially exhausting CPU with multi...

7.5CVSS6AI score
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-58210

CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...

7.5CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday3 views

CVE-2026-58250

CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...

7.5CVSS5.9AI score
Exploits0References5
Nuclei
Nuclei
added yesterday103 views

Apache OFBiz < 18.12.07 - Local File Inclusion

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. id: CVE-2022-47501 info: name: Apache OFBiz 18.12.07 - Local File Inclusion author: your3cho severity:...

7.5CVSS7.1AI score0.1018EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday21 views

OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization

Open Access Management OpenAM is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution RCE via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

10CVSS7.5AI score0.99999EPSS
Exploits10References2
Nuclei
Nuclei
added yesterday56 views

SonicWall SMA1000 LFI

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. id: CVE-2023-0126 info: name: SonicWall SMA1000 LFI author: tess severity: high description...

7.5CVSS7.2AI score0.72699EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago59 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.9AI score0.83337EPSS
Exploits4References5
NVD
NVD
added 3 days ago8 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS0.00561EPSS
Exploits0References1
NVD
NVD
added 3 days ago9 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-40140 High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS0.00561EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41888

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago7 views

CVE-2026-40140 High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References1
CVE
CVE
added 3 days ago28 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...

8.7CVSS6AI score0.00561EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-40139

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.8CVSS6AI score0.00653EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-40139 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...

9.2CVSS0.00653EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS0.00417EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.00417EPSS
Exploits0References2
CVE
CVE
added 3 days ago51 views

CVE-2026-40138

CVE-2026-40138 is a critical pre-authentication vulnerability in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. The underlying issue is improper validation of authentication data, which could let a network-positioned attacker bypass access controls and ga...

9.2CVSS6AI score0.00417EPSS
Exploits0References1Affected Software2
OSV
OSV
added 3 days ago3 views

BIT-ACTIVEMQ-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References2
Rows per page
Query Builder