Lucene search
K

12364 matches found

NVD
NVD
added 2026/06/16 2:16 a.m.14 views

CVE-2026-42014

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS0.0015EPSS
Exploits0References15
CVE
CVE
added 2026/06/16 12:49 a.m.25 views

CVE-2026-42014

GnuTLS vulnerability CVE-2026-42014 fixes a use-after-free in gnutls_pkcs11_token_set_pin when changing the Security Officer PIN with a NULL old PIN on tokens lacking a protected authentication path. The connected advisories (SUSE SUSE-SU-2026:2115-1, OSV entries, and Red Hat Oracle/Rocky advisor...

6.6CVSS5.2AI score0.0015EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/06/16 12:49 a.m.2 views

CVE-2026-42014

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS5.8AI score0.0015EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/16 12:49 a.m.42 views

CVE-2026-42014 Gnutls: gnutls: use-after-free in gnutls_pkcs11_token_set_pin

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS0.0015EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-50152

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.84.0 Description A Host-header parsing flaw in the LiteLLM proxy allows unauthenticated access to protected management routes. The authentication layer derives the effective route from request.url.path in the get...

9.8CVSS5.8AI score0.00559EPSS
Exploits1References16
RedHat Linux
RedHat Linux
added 2026/06/15 2:59 p.m.7 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.2AI score0.00939EPSS
Exploits0References5
Redos
Redos
added 2026/06/15 12:0 a.m.7 views

ROS-20260615-73-0039

The vulnerability of the RDP client FreeRDP relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and accessibility of protected information...

7.1CVSS5AI score0.00205EPSS
Exploits0
Redos
Redos
added 2026/06/15 12:0 a.m.6 views

ROS-20260615-73-0021

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9.8CVSS8.3AI score0.00587EPSS
Exploits1
Redos
Redos
added 2026/06/15 12:0 a.m.6 views

ROS-20260615-73-0043

The vulnerabilities of the functions kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA in the FreeRDP client are related to a memory reclamation error. Exploiting these vulnerabilities could allow an attacker to compromise the accessibility of protected information...

5.3CVSS5.5AI score0.00282EPSS
Exploits0
Talos
Talos
added 2026/06/15 12:0 a.m.8 views

GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

6.5CVSS5.4AI score0.00271EPSS
Exploits0
Snyk
Snyk
added 2026/06/12 8:12 p.m.6 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the handleLogIn and verifyPassword user...

8.2CVSS5.4AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.14 views

CVE-2026-53725

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and...

5.9CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.17 views

CVE-2026-53726

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 6:37 p.m.9 views

CVE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS5.4AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 6:37 p.m.30 views

CVE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS0.00276EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 6:37 p.m.25 views

CVE-2026-53726

Parse Server contains a vulnerability in the relation query operator $relatedTo. Before versions 8.6.80 and 9.9.1-alpha.6, an unauthenticated client with public API credentials could read membership of a Relation field protected by protectedFields or object ACLs, potentially enumerating objects l...

6.9CVSS5.3AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 6:35 p.m.30 views

CVE-2026-53725 Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and...

5.9CVSS0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:35 p.m.9 views

CVE-2026-53725 Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and...

5.9CVSS5.2AI score0.00251EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:35 p.m.17 views

CVE-2026-53725

Parse Server up to version 9.9.1-alpha.5 contains a vulnerability in MFA handling: when _User get is denied by Class-Level Permissions, the /login and /verifyPassword endpoints may bypass CLP/protectedFields sanitization and return raw database rows, exposing MFA data (MFA TOTP secrets and recove...

5.9CVSS5.3AI score0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:49 p.m.10 views

CVE-2026-6739 Mattermost: Delegated admins could patch protected default system roles

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-i...

6.7CVSS5.2AI score0.00257EPSS
Exploits0References1
Rows per page
Query Builder