Lucene search
+L

490 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.10 views

RHEL 10 : dovecot (RHSA-2026:19149)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19149 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References8
RedhatCVE
RedhatCVE
added 2026/05/18 5:31 p.m.11 views

CVE-2026-45829

A flaw was found in the ChromaDB Python project. This pre-authentication code injection vulnerability allows an unauthenticated attacker to execute arbitrary code on the server. The attacker can achieve this by sending a malicious model repository to the...

10CVSS6.2AI score0.12387EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41771

Name of the Vulnerable Software and Affected Versions Dozzle versions prior to 10.5.2 Description In default deployments where no DOZZLE AUTH PROVIDER is set, the endpoint 'POST /api/notifications/test-webhook' is accessible without authentication. This allows an unauthenticated attacker to perfo...

8.6CVSS5.8AI score0.01491EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.12 views

RHEL 10 : dovecot (RHSA-2026:17602)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17602 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References8
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.8 views

SUSE CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/12 5:40 a.m.201 views

dnsmasq_2.92_pocs

dnsmasq 2.92 — Proof of Concepts Self-contained reproduction...

8.4CVSS6AI score0.00812EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/11 5:36 p.m.14 views

CVE-2026-42859 Neat VNC: Buffer overflow due to oversized RSA public keys

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/10 12:11 p.m.187 views

Exploit for SQL Injection in Litellm

CVE-2026-42208 — LiteLLM Pre-Auth SQL Injection Timing PoC Lo...

9.8CVSS6.2AI score0.86607EPSS
Exploits7
Cvelist
Cvelist
added 2026/05/08 7:49 p.m.84 views

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS0.00481EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/08 7:49 p.m.8 views

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References3
OSV
OSV
added 2026/05/08 7:49 p.m.1 views

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.9AI score0.00481EPSS
Exploits1References5
OSV
OSV
added 2026/04/29 5:53 p.m.2 views

CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

6.5CVSS7AI score0.00382EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.5 views

PT-2026-35728

CVE-2026-29017: Atlassian Confluence OGNL Injection — Pre-Auth RCE https://t.co/kcWQ5p0sYk anthropic aisecurity alert cybersecurity...

5.2AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/25 11:58 a.m.136 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Research Repository !License: MIThttps://i...

10CVSS7.9AI score0.99562EPSS
Exploits377
GithubExploit
GithubExploit
added 2026/04/24 9:26 p.m.211 views

Exploit for Missing Authentication for Critical Function in Frangoteam Fuxa

CVE-2026-25895 — FUXA for code execution within 60 seconds...

9.8CVSS6.3AI score0.02675EPSS
Exploits3
CVE
CVE
added 2026/04/24 6:25 p.m.25 views

CVE-2026-41328

Dgraph pre-auth vulnerability CVE-2026-41328 allows unauthenticated full read of data via DQL injection in NQuad Lang field. Root cause: addQueryIfUnique builds DQL using fmt.Sprintf with pred.Lang appended to predicateName, and Lang is parsed from mutation keys without validation, enabling injec...

9.1CVSS5.5AI score0.00338EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/24 6:25 p.m.4 views

CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1CVSS5.9AI score0.00338EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/24 3:39 p.m.20 views

russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler

Summary A pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for 2FA/TOTP with a single malformed packet, requiring no credential...

7.5CVSS5.5AI score0.00481EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/24 12:31 a.m.5 views

EUVD-2026-25327

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

6.9CVSS5.8AI score0.00459EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 12:31 a.m.7 views

GHSA-2HV5-4H3G-4HJV Duplicate Advisory: OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing...

6.9CVSS5.7AI score0.00459EPSS
Exploits0References4
Rows per page
Query Builder