Lucene search
K

4224 matches found

CVE
CVE
added 1 hour ago4 views

CVE-2026-55881

OpenReplay (self-hosted session replay) versions affected: 1.22.0 – 1.27.0. The vulnerability arises in getFirstMob where 15-second presigned S3 download URLs for a session’s DOM-replay recording were generated based only on the session path, while validateProjectAccess only checked tenant owners...

7.1CVSS6.1AI score
Exploits0References4
NVD
NVD
added 2 hours ago4 views

CVE-2026-55370

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS
Exploits0References4
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-55370 Logto: TOTP code can be replayed within the RFC 6238 validity window (one-time use violation)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS
Exploits0References4
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43011

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS6.1AI score
Exploits0References4
CVE
CVE
added 2 hours ago5 views

CVE-2026-55370

Technical details about CVE-2026-55370 are not publicly available in the provided documents. Monitor for updates.

6.4CVSS6.1AI score
Exploits0References4
NVD
NVD
added 11 hours ago8 views

CVE-2026-58225

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS
Exploits0References4
Cvelist
Cvelist
added 11 hours ago9 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS
Exploits0References4
CVE
CVE
added 11 hours ago10 views

CVE-2026-58225

This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...

2.1CVSS6.3AI score
Exploits0References4
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-42867

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 11 hours ago5 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score
Exploits0References4
NVD
NVD
added 14 hours ago5 views

CVE-2026-28564

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

9.8CVSS
Exploits0References2
Cvelist
Cvelist
added 15 hours ago6 views

CVE-2026-28564 Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

Exploits0References1
ATTACKERKB
ATTACKERKB
added 15 hours ago4 views

CVE-2026-28564

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

9.8CVSS6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added 15 hours ago7 views

CVE-2026-28564

The CVE-2026-28564 issue affects Apache IoTDB prior to 2.0.10. It is described as an authentication bypass caused by insufficient session expiration, enabling capture–replay against REST Basic Authentication. Affected versions are 1.0.0 up to, but not including, 2.0.10. The practical impact is hi...

9.8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 15 hours ago5 views

EUVD-2026-42832

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

9.8CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 19 hours ago100 views

JumpServer > 3.6.4 - Information Disclosure

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

8.2CVSS6.8AI score0.55861EPSS
Exploits5References5
EUVD
EUVD
added yesterday4 views

EUVD-2026-42640

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...

6AI score
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-51597

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...

9.1CVSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday33 views

CVE-2026-47828 Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS0.00088EPSS
Exploits0References1
Rows per page
Query Builder