Lucene search
K

737 matches found

CVE
CVE
added 6 days ago9 views

CVE-2026-37271

CVE-2026-37271 affects Fire-Boltt Smartwatch FB BGS001 (Firmware MOY-JS14-2.0.4). The issue is improper authentication: the device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under certain conditions, previously captured BLE packets can be r...

9.8CVSS6AI score0.00373EPSS
Exploits0References2
OSV
OSV
added last week4 views

BIT-TOMCAT-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from...

6.5CVSS5.9AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38743

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.10 views

Debian dla-4556 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4556-1 [email protected]...

7.5CVSS5.5AI score0.0079EPSS
Exploits6References18
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.12 views

node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...

7.5CVSS5.5AI score0.00348EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-70994

Yadea T5 Electric Bicycles models manufactured in/after 2024 have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal...

7.3CVSS5.5AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.12 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

7.5CVSS5.5AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 9:16 a.m.11 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

7.5CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:22 a.m.10 views

EUVD-2026-34222

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:22 a.m.9 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

6.9CVSS5.8AI score0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 7:22 a.m.43 views

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

6.9CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 7:22 a.m.8 views

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

6.9CVSS5.8AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 7:22 a.m.26 views

CVE-2026-50210

CVE-2026-50210 is linked to multiple sources describing a cryptographic weakness where data is encrypted with AES-CBC using static zero-filled IVs. This configuration can enable replay attacks and known-plaintext decryption. The description across NVD, CVE records, and related feeds consistently ...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46162

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device encrypts data using AES-CBC Advanced Encryption Standard in Cipher Block Chaining mode with static zero-filled Initialization Vectors IVs. This...

7.5CVSS5.4AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability arises from the use of static zero-padding initialization vectors when encrypting data using AES-CBC encryption. This can lead to replay...

7.5CVSS5.3AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. One...

5.9CVSS5.4AI score0.00265EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 6:30 p.m.2 views

GHSA-MFVP-7P3V-X9MH Casdoor SAML callback handler accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

9.1CVSS5.8AI score0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 4:31 p.m.34 views

CVE-2026-9098 CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from the SAML callback handler in controllers/auth.go, which accepted SA...

5.8AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 3:37 p.m.6 views

GHSA-J5RM-V3VH-VX94 eduMFA Passkeys: missing expiration flag may allow replay attacks and reuse of old challenges

Impact In eduMFA = 2.9.1 by adding validity information to the userless challenges. Workarounds No known workarounds besides disabling userless login altogether...

8.7CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder