Lucene search
+L

40671 matches found

nvd
nvd
added yesterday5 views

CVE-2026-56087

Dell ThinOS 10, versions prior to 260510.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data...

6.1CVSS
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44741

Dell ThinOS 10, versions prior to 260510.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data...

6.1CVSS6.1AI score
Exploits0References1
cve
cve
added yesterday3 views

CVE-2026-56087

Dell ThinOS 10 is affected in all versions prior to 2605_10.2100. The vulnerability is a Protection Mechanism Failure that could allow an attacker with physical access to bypass protections and gain unauthorized access to encrypted data. Impact is supported by the CVSS data indicating high confid...

6.1CVSS6.1AI score
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44751

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score
Exploits0References4
cvelist
cvelist
added yesterday17 views

CVE-2026-61740 LightRAG: Authentication bypass: hardcoded DEFAULT_TOKEN_SECRET and public /auth-status defeat LIGHTRAG_API_KEY protection

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAGAPIKEY set but AUTHACCOUNTS unset, X-API-Key protection can be bypassed because lightrag/api/auth.py falls back to a hardcoded DEFAULTTOKENSECRET, /auth-status and /login can...

9.3CVSS
Exploits0References4
cve
cve
added yesterday8 views

CVE-2026-61740

LightRAG vulnerability CVE-2026-61740 affects LightRAG prior to v1.5.4. When LIGHTRAG_API_KEY is set but AUTH_ACCOUNTS is unset, authentication protection can be bypassed: lightrag/api/auth.py falls back to a hardcoded DEFAULT_TOKEN_SECRET, /auth-status and /login can mint guest JWTs, and combine...

9.3CVSS6.1AI score
Exploits0References4
nuclei
nuclei
added yesterday108 views

Grafana <= 6.7.1 - Cross-Site Scripting

Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

5.4CVSS6.7AI score0.09619EPSS
Exploits0References5
nuclei
nuclei
added yesterday250 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS7.1AI score0.78812EPSS
Exploits7References4
nuclei
nuclei
added yesterday31 views

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

9.8CVSS7.1AI score0.04342EPSS
Exploits1References2
nvd
nvd
added 2 days ago5 views

CVE-2026-48295

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS0.00389EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-50646

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally...

7.8CVSS0.01579EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-47305

Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally...

7.8CVSS0.00343EPSS
Exploits0References1
cve
cve
added 2 days ago86 views

CVE-2026-45075

Summary : Symfony's GET-only method checks in #[IsGranted], #[IsSignatureValid], and #[IsCsrfTokenValid] can be bypassed by HEAD requests, causing header leakage and potential side effects as HEAD is routed to the GET handler. This affects Symfony framework versions prior to 7.4.12 and 8.0.12. Im...

8.3CVSS6.2AI score0.00511EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2 days ago4 views

CVE-2026-34348

Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network...

6.5CVSS0.00714EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-34348

CVE-2026-34348 affects the Windows Event Logging Service. The issue is a protection mechanism failure that can allow an authorized attacker to disclose information over a network. According to the available records, the exploit surface is network-based with low privileges required and no user int...

6.5CVSS6.1AI score0.00714EPSS
Exploits0References1
osv
osv
added 2 days ago3 views

CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation

On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...

7.8CVSS6.1AI score0.00114EPSS
Exploits0References5
cve
cve
added 2 days ago6 views

CVE-2026-10669

Summary (CVE-2026-10669) : On Xtensa SoCs with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, arch_buffer_validate() erroneously permits access when the buffer size rounds to a wrap of the 32-bit address space, bypassing MPU checks. This can let an unprivileged user-thread validate or copy memory it sho...

7.8CVSS6.1AI score0.00114EPSS
Exploits0References2
mscve
mscve
added 2 days ago6 views

Visual Studio Remote Code Execution Vulnerability

Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score0.00343EPSS
Exploits0
mscve
mscve
added 2 days ago5 views

.NET Framework Remote Code Execution Vulnerability

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score0.01579EPSS
Exploits0
osv
osv
added 2 days ago2 views

SUSE-SU-2026:2968-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues - CVE-2026-41425: Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth bsc1263114. - CVE-2026-44681: Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's...

6.1CVSS6.1AI score0.00203EPSS
Exploits2References5
Rows per page
Query Builder