288 matches found
CVE-2026-3230
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...
CVE-2026-3230
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...
PT-2026-26366
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key share extension,...
VulnCheck KEV: CVE-2026-3564
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...
ConnectWise ScreenConnect 安全漏洞
ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. There is a security vulnerability in ConnectWise ScreenConnect, which arises from the possibility that participants with server-level authentication encryption materials may gain unauthorized...
UBUNTU-CVE-2026-0966
A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...
Reverse Online Guessing Attacks on PAKE Protocols
Though not yet widely deployed, password-authenticated key exchange PAKE protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they do not require a public-key infrastructure PKI, making the...
CVE-2023-4335
Broadcom RAID Controller Web server nginx is serving private server-side files without any authentication on Linux...
CVE-2021-31820
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI...
CVE-2019-18341
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The SFTP service default port 22/tcp of the Control Center Server CCS contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to...
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...
CVE-2019-18339
A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The HTTP service default port 5401/tcp of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network...
Maxun 授权问题漏洞
Maxun is a crawler tool from Maxun open source. An authorization issue vulnerability exists in Maxun 0.0.28 and earlier versions, which stems from an incorrect operation of the function router.get in the file server/src/routes/auth.ts, which could lead to improper authorization...
TP-Link WA850RE 安全漏洞
TP-Link WA850RE is a wireless signal extender from China P&L TP-Link. A security vulnerability exists in the TP-Link WA850RE V2160527 and prior versions, which stems from improper authentication of the httpd module and could result in the downloading of configuration files...
CVE-2025-65855
The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...
CVE-2025-65855
The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...
PT-2025-51840
Name of the Vulnerable Software and Affected Versions Netun Solutions HelpFlash IoT version v18 178 221102 ASCII PRO 1R5 50 Description The over-the-air OTA firmware update process in the software does not properly authenticate update servers or validate firmware signatures, and relies on...
CVE-2025-65855
The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...
FreeBSD : MongoDB Server -- Improper Certificate Validation (d2f2c691-cd42-11f0-85d4-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d2f2c691-cd42-11f0-85d4-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake...
CVE-2025-12893
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...