Lucene search
K

288 matches found

AlpineLinux
AlpineLinux
added 2026/03/19 8:59 p.m.2 views

CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.7CVSS5.8AI score0.00209EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/19 8:59 p.m.3 views

CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.7CVSS5.3AI score0.00209EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.11 views

PT-2026-26366

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key share extension,...

2.1CVSS5.8AI score0.00209EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/03/17 12:0 a.m.9 views

VulnCheck KEV: CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS5.8AI score0.00362EPSS
In wildExploits0References4
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.9 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. There is a security vulnerability in ConnectWise ScreenConnect, which arises from the possibility that participants with server-level authentication encryption materials may gain unauthorized...

9CVSS6AI score0.00362EPSS
Exploits0References1
OSV
OSV
added 2026/02/13 12:0 a.m.4 views

UBUNTU-CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.5 views

Reverse Online Guessing Attacks on PAKE Protocols

Though not yet widely deployed, password-authenticated key exchange PAKE protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they do not require a public-key infrastructure PKI, making the...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.18 views

CVE-2023-4335

Broadcom RAID Controller Web server nginx is serving private server-side files without any authentication on Linux...

7.5CVSS7.2AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.12 views

CVE-2021-31820

In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI...

7.5CVSS7.2AI score0.00611EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.10 views

CVE-2019-18341

A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The SFTP service default port 22/tcp of the Control Center Server CCS contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to...

5.3CVSS6.7AI score0.01618EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.8 views

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:37 a.m.11 views

CVE-2019-18339

A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The HTTP service default port 5401/tcp of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network...

9.8CVSS6.9AI score0.02652EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/27 12:0 a.m.4 views

Maxun 授权问题漏洞

Maxun is a crawler tool from Maxun open source. An authorization issue vulnerability exists in Maxun 0.0.28 and earlier versions, which stems from an incorrect operation of the function router.get in the file server/src/routes/auth.ts, which could lead to improper authorization...

6.5CVSS6.4AI score0.00323EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

TP-Link WA850RE 安全漏洞

TP-Link WA850RE is a wireless signal extender from China P&L TP-Link. A security vulnerability exists in the TP-Link WA850RE V2160527 and prior versions, which stems from improper authentication of the httpd module and could result in the downloading of configuration files...

7.5CVSS6.9AI score0.00436EPSS
Exploits0References4
OSV
OSV
added 2025/12/17 5:15 p.m.6 views

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

6.6CVSS6.3AI score0.00085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/17 12:0 a.m.3 views

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

7.4AI score0.00085EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51840

Name of the Vulnerable Software and Affected Versions Netun Solutions HelpFlash IoT version v18 178 221102 ASCII PRO 1R5 50 Description The over-the-air OTA firmware update process in the software does not properly authenticate update servers or validate firmware signatures, and relies on...

6.6CVSS7.3AI score0.00085EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/17 12:0 a.m.28 views

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

0.00085EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.2 views

FreeBSD : MongoDB Server -- Improper Certificate Validation (d2f2c691-cd42-11f0-85d4-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d2f2c691-cd42-11f0-85d4-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake...

5.4CVSS5.4AI score0.00084EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/26 5:57 p.m.7 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS6.4AI score0.00084EPSS
Exploits0References1
Rows per page
Query Builder