Lucene search
K

5686 matches found

Redos
Redos
added 2026/06/05 12:0 a.m.8 views

ROS-20260605-73-0046

The vulnerability in Grafana relates to the unencrypted storage of user data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.5CVSS5.4AI score0.00309EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

HAXCMS 安全漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS from 25.0.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the haxcmsrefreshtoken cookie did not have the Secure flag set. This allowed the token to be...

8.8CVSS5.3AI score0.00183EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 2:50 p.m.7 views

GHSA-H97M-27FX-42RX matrix-sdk-ui: Incomplete edit validation

Impact The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate...

4.9CVSS5.9AI score0.00019EPSS
Exploits0References5
NVD
NVD
added 2026/06/04 7:16 a.m.13 views

CVE-2026-50205

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:43 a.m.10 views

EUVD-2026-34217

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 6:43 a.m.6 views

CVE-2026-50205

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46156

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the system log files outputting unencrypted SMTP server authentication passwords and sensitive employee corporate identity data...

8.8CVSS5.3AI score0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 6:3 p.m.7 views

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

5.8AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 6:3 p.m.33 views

CVE-2026-8874 CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 1:16 p.m.8 views

CVE-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References3
CVE
CVE
added 2026/06/03 1:16 p.m.31 views

CVE-2026-7666

Django 6.0 before 6.0.6 and 5.2 before 5.2.15 are affected. The SMTP email backend (django.core.mail.backends.smtp.EmailBackend) may reuse a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, allowing on-path attackers to read email content in cleartext. T...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/03 1:16 p.m.40 views

CVE-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS0.0015EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 1:0 p.m.6 views

UBUNTU-CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.2AI score0.0015EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/03 3:28 a.m.14 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/03 12:30 a.m.12 views

EUVD-2024-55607

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

Securly Chrome Extension 安全漏洞

Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly, targeting educational scenarios. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability arises from downloading...

7.1CVSS5.3AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46048

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP using the Fetch API. This represents an inconsistent implementation of Transport...

5.8AI score0.00138EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 10:16 p.m.13 views

CVE-2024-14036

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

8.7CVSS0.00284EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 7:8 p.m.13 views

EUVD-2026-34011

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

8.2CVSS5.8AI score0.00101EPSS
Exploits0References2
Rows per page
Query Builder