Lucene search
K

4433 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.7 views

CVE-2021-27201

Endian Firewall Community aka EFW 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment...

8.8CVSS7.6AI score0.02606EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4592

A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack is...

6.3CVSS5.4AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-20997

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

6.3CVSS5.7AI score0.00407EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:8 p.m.64 views

CVE-2026-20114

Cisco IOS XE Lobby Ambassador web-based management API has a vulnerability where an authenticated Lobby Ambassador can bypass validation to create a new user with privilege level 1 access, enabling access to management APIs. Root cause: insufficient validation of API parameters. Impact: privilege...

5.4CVSS5.9AI score0.00284EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 3:56 p.m.1 views

CVE-2026-4592

A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack is...

6.3CVSS5.4AI score0.00348EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.8 views

PT-2026-26317

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

5.8AI score0.00401EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.2 views

PT-2026-26320

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the log type parameter to /logsave.htm...

6AI score0.00405EPSS
Exploits0References5
OSV
OSV
added 2026/03/18 11:8 p.m.5 views

SUSE-SU-2026:0930-1 Security update for krb5-appl

This update for krb5-appl fixes the following issue: - CVE-2026-32746: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd LINEMODE bsc1259691...

9.8CVSS5.8AI score0.23674EPSS
Exploits8References3
Cvelist
Cvelist
added 2026/03/17 9:32 p.m.29 views

CVE-2026-4349 Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

6.3CVSS0.00407EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 4:32 a.m.3 views

CVE-2026-20996

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 4:32 a.m.3 views

CVE-2026-20996

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 4:32 a.m.15 views

CVE-2026-20996

CVE-2026-20996 affects Smart Switch prior to version 3.7.69.15, where use of a broken or risky cryptographic algorithm enables remote attackers to downgrade the authentication scheme. The issue is documented across multiple sources (CVE/NVD and Red Hat EUVD/AKB entries) and is tied to the downgra...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25602

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

5.3CVSS5.9AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/15 7:2 p.m.39 views

CVE-2026-4187 Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...

6.9CVSS0.00514EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 7:25 p.m.7 views

EUVD-2026-11321

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...

10CVSS5.9AI score0.00501EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.3 views

EUVD-2025-208483

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...

6.7CVSS5.8AI score0.0052EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.6 views

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...

6.6CVSS0.00632EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 4:44 p.m.2 views

CVE-2025-48418

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...

6.7CVSS5.8AI score0.0052EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24229

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...

7.2CVSS5.8AI score0.0052EPSS
Exploits0References3
Rows per page
Query Builder