Lucene search
K

361 matches found

Github Security Blog
Github Security Blog
added 2026/03/11 12:35 a.m.5 views

Parse Server's MFA recovery codes not consumed after use

Impact When multi-factor authentication MFA via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recover...

8.2CVSS5.8AI score0.0044EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.4 views

PT-2026-7461

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server affected versions not specified Description IBM WebSphere Application Server may provide weaker than expected security. There is no information about the number of potentially affected devices worldwide or any...

4.4CVSS5.4AI score0.0031EPSS
Exploits0References6
NVD
NVD
added 2026/02/03 3:16 p.m.18 views

CVE-2026-24996

Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer: from n/a through = 0.6.4...

4.3CVSS0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.9 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to use easy-to-guess passwords, leading to unauthorized access...

9.8CVSS5.8AI score0.00149EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/01/01 7:32 p.m.5 views

CVE-2025-15411

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the loc...

7.8CVSS5.1AI score0.00179EPSS
Exploits1
EUVD
EUVD
added 2025/12/30 12:30 p.m.3 views

EUVD-2025-205728

Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through = 2.17.12...

4.3CVSS6.5AI score0.002EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52502

Name of the Vulnerable Software and Affected Versions code-projects Simple Stock System version 1.0 Description A flaw exists in code-projects Simple Stock System 1.0 related to the processing of the /market/signup.php file. Manipulation of the Username argument can result in SQL injection. This...

9.8CVSS7.4AI score0.00323EPSS
Exploits1References10
CISA KEV Catalog
CISA KEV Catalog
added 2025/12/15 12:0 a.m.16 views

Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability

Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially...

9.8CVSS6.8AI score0.50949EPSS
In wildExploits3
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.8 views

PT-2025-48133

Name of the Vulnerable Software and Affected Versions Apache Druid versions prior to 35.0.0 Description The Apache Druid Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. The secret is generated...

9.8CVSS6.6AI score0.00597EPSS
Exploits0References15
OSV
OSV
added 2025/11/21 10:16 p.m.2 views

UBUNTU-CVE-2025-11935

With TLS 1.3 pre-shared key PSK a malicious or faulty server could ignore the request for PFS perfect forward secrecy and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing pskdheke without a keyshare...

7.5CVSS5.8AI score0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/17 5:33 p.m.2 views

CVE-2025-55058

CWE-20 Improper Input Validation...

4.5CVSS6.5AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2025/11/12 8:15 p.m.4 views

CVE-2025-27368

IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond...

4.3CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2025/11/07 11:23 p.m.28 views

CVE-2025-12907

CVE-2025-12907 affects Google Chrome DevTools (in Chrome prior to 140.0.7339.80). The issue is insufficient validation of untrusted input in DevTools, enabling a remote attacker to achieve arbitrary code execution via user actions in DevTools. Connected sources confirm the vulnerability exists in...

8.8CVSS7.3AI score0.00276EPSS
Exploits3References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:16 p.m.4 views

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty

Summary multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections...

7.5CVSS6.7AI score0.01941EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/10/22 11:15 p.m.61 views

CVE-2025-62710

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9CVSS0.00182EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/10/14 12:0 a.m.5 views

Hash Chaining Degrades Security at Facebook

Modern web and digital application password storage relies on password hashing for storage and security. Ad-hoc upgrade of password storage to keep up with hash algorithm norms may be used to save costs but can introduce unforeseen vulnerabilities. This is the case in the password storage scheme...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.5 views

PT-2025-41745

Name of the Vulnerable Software and Affected Versions ProjectsAndPrograms School Management System affected versions not specified Description A security weakness exists in ProjectsAndPrograms School Management System up to commit 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The issue is related to...

7.5CVSS7.1AI score0.00535EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-10517

Malware in sbrugna...

5.9CVSS6AI score0.02033EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-1176

Malware in sbrugna...

9.8CVSS9.3AI score0.00595EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-10246

Malware in sbrugna...

5.3CVSS5.9AI score0.01286EPSS
Exploits0References4
Rows per page
Query Builder