Lucene search
+L

321 matches found

SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.8 views

SUSE CVE-2026-31392

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

6.1CVSS5.7AI score0.00122EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/03 6:31 p.m.5 views

EUVD-2026-18766

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

5.7AI score0.00122EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/03 5:42 p.m.11 views

CVE-2026-31392

A flaw was found in the Linux kernel's Server Message Block SMB client. A local attacker, by attempting to mount SMB shares using Kerberos sec=krb5 with a specified username, could cause the client to incorrectly reuse an existing SMB session. This session reuse occurs even when a different...

8.1CVSS5.9AI score0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 4:16 p.m.3 views

CVE-2026-31392

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

8.1CVSS0.00122EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.5 views

CVE-2026-31392

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

8.1CVSS5.7AI score0.00122EPSS
Exploits0References8
OSV
OSV
added 2026/04/03 4:16 p.m.12 views

UBUNTU-CVE-2026-31392

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

8.1CVSS5.7AI score0.00122EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.1 views

CVE-2026-31392

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

5.7AI score0.00122EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/04/03 3:15 p.m.27 views

CVE-2026-31392

CVE-2026-31392 concerns the Linux kernel SMB client and Kerberos username handling. The issue was fixed by ensuring the username mount option is respected when sec=krb5 is used, preventing reuse of an SMB session across mounts with different usernames. Connected OSV records show Debian/Ubuntu/roo...

8.1CVSS5.7AI score0.00122EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/03 3:15 p.m.3 views

CVE-2026-31392 smb: client: fix krb5 mount with username option

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

8.1CVSS5.8AI score0.00122EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30175

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's SMB client related to Kerberos krb5 mounting with the username option. The issue occurs when attempting to mount shares with different usernames using...

8.1CVSS5.3AI score0.00122EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/27 11:55 a.m.31 views

CVE-2026-25101 Session Fixation in Bludit

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

4.8CVSS0.00356EPSS
Exploits4References2
Github Security Blog
Github Security Blog
added 2026/03/20 8:43 p.m.10 views

Vikunja has TOTP Reuse During Validity Window

Summary Any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Details The below code is called when a user that has 2FA is authenticating to the application. Once they submit a valid username-password-totp combination, the user gets authenticated...

5.7CVSS5.9AI score0.00258EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

RustDesk 安全漏洞

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.4.5 and earlier contain security vulnerabilities. These vulnerabilities stem from...

9.8CVSS5.8AI score0.00269EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:2 a.m.2 views

CVE-2026-25778

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 12:2 a.m.24 views

CVE-2026-25778 SWITCH EV swtchenergy.com Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS0.00313EPSS
Exploits0References3
Zero Science Lab
Zero Science Lab
added 2026/02/24 12:0 a.m.140 views

Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

9.8CVSS5.8AI score0.00716EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.10 views

CVE-2025-55705

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...

9.8CVSS5.3AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.9 views

CVE-2025-36115

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

6.5CVSS5.5AI score0.00135EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : java-11-openjdk-11.0.7.10-4.el7 (AXSA:2020-011:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-011:04 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

8.3CVSS6.7AI score0.0623EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2025/12/31 6:40 p.m.4 views

CVE-2021-47740 KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability

KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms...

7.5CVSS6.7AI score0.00378EPSS
Exploits1References7
Rows per page
Query Builder