CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

187 matches found

Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.5AI score0.00016EPSS

Exploits0References1Affected Software1

OSV•added 3 days ago•3 views

SUSE-SU-2026:2293-1 Security update for memcached

This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...

8.1CVSS5.5AI score0.00085EPSS

Exploits0References5

OPENSUSE Linux•added 2026/06/03 12:0 a.m.•7 views

Security update for memcached (important)

openSUSE security update: security update for memcached ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20884-1 Rating: important References: bsc1265873 bsc1265881 Cross-References: CVE-2026-47783 CVE-2026-47784 CVSS scores: CVE-2026-47783 SUSE : 8....

8.1CVSS5.8AI score0.00085EPSS

Exploits0References2

OSV•added 2026/06/02 1:57 p.m.•1 views

SUSE-SU-2026:22022-1 Security update for memcached

8.1CVSS5.4AI score0.00085EPSS

Exploits0References5

Ubuntu•added 2026/05/27 12:47 p.m.•13 views

USN-8320-1: Memcached vulnerabilities

It was discovered that Memcached's SASL password database authentication had a timing side channel when handling username and password data. A remote attacker could possibly use this issue to obtain sensitive information...

8.1CVSS5.8AI score0.00085EPSS

Exploits0

OSV•added 2026/05/27 12:47 p.m.•6 views

USN-8320-1 memcached vulnerabilities

8.1CVSS5.8AI score0.00085EPSS

Exploits0References3

OSV•added 2026/05/22 8:47 a.m.•4 views

BIT-MEMCACHED-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.00085EPSS

Exploits0References4

NVD•added 2026/05/20 7:16 a.m.•5 views

CVE-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

8.1CVSS0.00085EPSS

Exploits0References3

RedHat Linux•added 2026/05/20 2:1 a.m.•10 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00068EPSS

Exploits1References5

CNNVD•added 2026/05/20 12:0 a.m.•7 views

Memcached 安全漏洞

Memcached is a high-performance distributed memory object caching system developed by the Memcached community in the United States. Versions of Memcached prior to 1.6.42 contained a security vulnerability. This vulnerability stemmed from the sequential side channel in the password data used durin...

8.1CVSS5.8AI score0.00085EPSS

Exploits0References2

AlmaLinux•added 2026/05/05 12:0 a.m.•3 views

Important: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

7.5CVSS5.9AI score0.00068EPSS

Exploits2References8

Cvelist•added 2026/04/20 1:20 p.m.•24 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

0.00169EPSS

Exploits0References2

OSV•added 2025/10/11 1:20 p.m.•4 views

OESA-2025-2394 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...

8.7CVSS7AI score0.00099EPSS

Exploits0References2