Lucene search
K

42 matches found

CVE
CVE
added 2026/07/06 4:13 p.m.40 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...

8.7CVSS6AI score0.00561EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:12 p.m.4 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.00417EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55951

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support affected versions not specified Description A critical pre-authentication flaw exists in the authentication subsystem. Improper processing of authentication requests allows an unauthenticated remote attacker to bypas...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55952

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 8:57 p.m.20 views

CVE-2026-45689 Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with...

9.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.34 views

CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

9.1CVSS0.00451EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.11 views

RockyLinux 9 : dovecot (RLSA-2026:19364)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19364 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

7.5CVSS5.8AI score0.0079EPSS
Exploits2References7
GithubExploit
GithubExploit
added 2026/03/22 8:52 p.m.203 views

Exploit for CVE-2026-24516

CVE-2026-24516-DigitalOcean-RCE Critical Pre-Auth Root RCE CV...

5.9AI score0.02502EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/02/11 9:18 a.m.420 views

Exploit for CVE-2026-1731

CVE-2026-1731 BeyondTrust Remote Support Pre-Auth RCE PoC...

9.9CVSS6.3AI score0.88115EPSS
Exploits16
EUVD
EUVD
added 2026/02/07 12:30 a.m.10 views

EUVD-2026-5559

BeyondTrust Remote Support RS and certain older versions of Privileged Remote Access PRA contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...

9.9CVSS6.6AI score0.88115EPSS
Exploits11References3
Positive Technologies
Positive Technologies
added 2026/01/31 12:0 a.m.9 views

PT-2026-6803

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support versions prior to 25.3.2 BeyondTrust Privileged Remote Access versions prior to 25.1.1 Description A pre-authentication operating system command injection flaw exists in BeyondTrust Remote Support and Privileged Remo...

10CVSS7.5AI score0.88115EPSS
Exploits11References381
Talos
Talos
added 2026/01/20 12:0 a.m.9 views

MedDream PACS Premium downloadZip reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2254 MedDream PACS Premium downloadZip reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-53516 SUMMARY A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium...

6.1CVSS5.8AI score0.00317EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-42523

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00518EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-36639

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00523EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.25 views

EUVD-2022-50887

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00448EPSS
Exploits0References3
OSV
OSV
added 2025/08/09 6:30 a.m.11 views

GHSA-6V93-FRF9-2RP8 Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the...

5.3CVSS7.2AI score0.00365EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/09 12:0 a.m.8 views

PT-2025-32427

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.4 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2....

8.6CVSS6.7AI score0.00365EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/08/07 1:26 p.m.6 views

CVE-2025-54987

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...

9.8CVSS6.8AI score0.2079EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/07/24 12:0 a.m.7 views

Fortinet FortiWeb Fabric Connector SQL Injection

Fortinet FortiWeb 7.0.x 7.0.11, 7.2.x 7.2.11, 7.4.x 7.4.8, 7.6.x 7.6.4 is vulnerable to a pre-authentication SQL injection that can lead to remote code execution. By leveraging this vulnerability, a remote and unauthenticated attacker can inject malicious SQL queries into the FortiWeb Fabric...

9.8CVSS8.9AI score0.9671EPSS
Exploits18References3
GithubExploit
GithubExploit
added 2025/07/19 3:12 a.m.158 views

Exploit for SQL Injection in Fortinet Fortiweb

!Book Coverhttps://m.media-amazon.com/images/I/51J88WafNFL.A...

9.8CVSS10AI score0.9671EPSS
Exploits18
Rows per page
Query Builder