490 matches found
RHEL 10 : dovecot (RHSA-2026:19149)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19149 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
CVE-2026-45829
A flaw was found in the ChromaDB Python project. This pre-authentication code injection vulnerability allows an unauthenticated attacker to execute arbitrary code on the server. The attacker can achieve this by sending a malicious model repository to the...
PT-2026-41771
Name of the Vulnerable Software and Affected Versions Dozzle versions prior to 10.5.2 Description In default deployments where no DOZZLE AUTH PROVIDER is set, the endpoint 'POST /api/notifications/test-webhook' is accessible without authentication. This allows an unauthenticated attacker to perfo...
RHEL 10 : dovecot (RHSA-2026:17602)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17602 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
SUSE CVE-2026-42859
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...
dnsmasq_2.92_pocs
dnsmasq 2.92 — Proof of Concepts Self-contained reproduction...
CVE-2026-42859 Neat VNC: Buffer overflow due to oversized RSA public keys
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...
Exploit for SQL Injection in Litellm
CVE-2026-42208 — LiteLLM Pre-Auth SQL Injection Timing PoC Lo...
CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth
Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...
CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth
Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...
CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth
Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...
CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...
PT-2026-35728
CVE-2026-29017: Atlassian Confluence OGNL Injection — Pre-Auth RCE https://t.co/kcWQ5p0sYk anthropic aisecurity alert cybersecurity...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Research Repository !License: MIThttps://i...
Exploit for Missing Authentication for Critical Function in Frangoteam Fuxa
CVE-2026-25895 — FUXA for code execution within 60 seconds...
CVE-2026-41328
Dgraph pre-auth vulnerability CVE-2026-41328 allows unauthenticated full read of data via DQL injection in NQuad Lang field. Root cause: addQueryIfUnique builds DQL using fmt.Sprintf with pred.Lang appended to predicateName, and Lang is parsed from mutation keys without validation, enabling injec...
CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...
russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
Summary A pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for 2FA/TOTP with a single malformed packet, requiring no credential...
EUVD-2026-25327
OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...
GHSA-2HV5-4H3G-4HJV Duplicate Advisory: OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing...