42 matches found
CVE-2026-40140
BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...
CVE-2026-40138
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...
PT-2026-55951
Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support affected versions not specified Description A critical pre-authentication flaw exists in the authentication subsystem. Improper processing of authentication requests allows an unauthenticated remote attacker to bypas...
PT-2026-55952
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...
CVE-2026-45689 Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with...
CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...
RockyLinux 9 : dovecot (RLSA-2026:19364)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19364 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...
Exploit for CVE-2026-24516
CVE-2026-24516-DigitalOcean-RCE Critical Pre-Auth Root RCE CV...
Exploit for CVE-2026-1731
CVE-2026-1731 BeyondTrust Remote Support Pre-Auth RCE PoC...
EUVD-2026-5559
BeyondTrust Remote Support RS and certain older versions of Privileged Remote Access PRA contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...
PT-2026-6803
Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support versions prior to 25.3.2 BeyondTrust Privileged Remote Access versions prior to 25.1.1 Description A pre-authentication operating system command injection flaw exists in BeyondTrust Remote Support and Privileged Remo...
MedDream PACS Premium downloadZip reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2254 MedDream PACS Premium downloadZip reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-53516 SUMMARY A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium...
EUVD-2024-42523
Malicious code in bioql PyPI...
EUVD-2024-36639
Malicious code in bioql PyPI...
EUVD-2022-50887
Malicious code in bioql PyPI...
GHSA-6V93-FRF9-2RP8 Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the...
PT-2025-32427
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.4 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2....
CVE-2025-54987
A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...
Fortinet FortiWeb Fabric Connector SQL Injection
Fortinet FortiWeb 7.0.x 7.0.11, 7.2.x 7.2.11, 7.4.x 7.4.8, 7.6.x 7.6.4 is vulnerable to a pre-authentication SQL injection that can lead to remote code execution. By leveraging this vulnerability, a remote and unauthenticated attacker can inject malicious SQL queries into the FortiWeb Fabric...
Exploit for SQL Injection in Fortinet Fortiweb
!Book Coverhttps://m.media-amazon.com/images/I/51J88WafNFL.A...