Lucene search
K

48660 matches found

NVD
NVD
added 2026/06/12 5:16 p.m.10 views

CVE-2026-53981

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 5:7 p.m.42 views

EUVD-2026-36509

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS5.5AI score0.0116EPSS
Exploits1References3
CVE
CVE
added 2026/06/12 5:7 p.m.212 views

CVE-2026-48558

Summary of vulnerability (CVE-2026-48558) : SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release contain an authentication bypass in the OpenID Connect (OIDC) flow. When OIDC is configured, identity tokens are accepted without cryptographic signature verification, allowing a remote, unauthe...

10CVSS5.5AI score0.0116EPSS
In wildExploits1References5Affected Software1
CVE
CVE
added 2026/06/12 4:25 p.m.16 views

CVE-2026-53982

Capgo Console before 12.28.2 contains a denial‑of‑service vulnerability in the account deletion flow. Triggering account deletion while a device identifier is linked to the active session ties the deletion state to that device, causing the affected device or browser to be redirected to an account...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 3:42 p.m.10 views

CVE-2026-53981 Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 3:42 p.m.10 views

EUVD-2026-36496

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 3:42 p.m.18 views

CVE-2026-53981

Cap-go prior to 12.128.2 contains an account-takeover vulnerability in its email-change mechanism. An attacker with a temporary authenticated session can change the registered email address without re-authentication (no password or MFA verification), redirect verification to an attacker-controlle...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2626 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.3AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2625 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.1CVSS5.3AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2624 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.3AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2623 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

6.9CVSS5.4AI score0.00317EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 11:16 a.m.17 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS0.0007EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 10:0 a.m.33 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS0.0007EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 12:31 a.m.8 views

EUVD-2026-36363

Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote...

8.4CVSS5.8AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 12:31 a.m.11 views

EUVD-2026-36364

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS5.9AI score0.0055EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 12:31 a.m.10 views

EUVD-2026-36365

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...

9.3CVSS5.8AI score0.00544EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

EulerOS Virtualization 2.13.0 : nghttp2 (EulerOS-SA-2026-2409)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-49024

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An exec denylist bypass exists in the bundle MCP loopback session-spawn path. This allows authenticated callers to bypass intended command restrictions and start sessions with broader command...

6.9CVSS5.2AI score0.00094EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.25 views

PT-2026-49030

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.26 Description An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related...

4.3CVSS5.2AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.1 through 5.5.15 SimpleHelp versions 6.0 pre-release through 6.0 RC1 Description An authentication bypass exists in the OpenID Connect OIDC authentication flow. The server fails to verify the cryptographic signature of...

10CVSS6.2AI score0.0116EPSS
Exploits1References115
Rows per page
Query Builder