Lucene search
K

108 matches found

CVE
CVE
added 6 days ago9 views

CVE-2026-0279

PAN-OS 11.1.x before 11.1.16, 11.2.x before 11.2.13, and 12.1.x before 12.1.8 are affected by multiple cross-site scripting (XSS) flaws in the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal features, and Clientless VPN. An unauthenticated attacker can store or execut...

6.1CVSS5.4AI score0.0061EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/08 8:14 p.m.33 views

CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...

9.2CVSS0.00557EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 8:14 p.m.23 views

EUVD-2026-42388

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...

9.2CVSS6.5AI score0.00557EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.7 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS...

9.2CVSS7.4AI score0.00557EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.29 views

PT-2026-51175

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An authorization bypass exists in the Meet plugin's 'uploadRecordedVideo.json.php' endpoint. The system derives the target users id from the uploaded filename without proper verification. An attacker w...

9.2CVSS6AI score0.00295EPSS
Exploits0References9
OSV
OSV
added 2026/05/15 6:17 p.m.12 views

GHSA-QXVM-R42F-5P8J AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`, allowing any caller with the Meet shared secret to obtain a session as arbitrary users including admin

Summary Type: Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint plugin/Meet/uploadRecordedVideo.json.php authenticates the caller using a single shared Authorization: Bearer against $objM-secret. Once that check passes, the endpoint reads the...

8.1CVSS5.9AI score0.00295EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2026/05/06 1:27 p.m.9 views

Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

Overview On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this...

9.8CVSS6.8AI score0.32074EPSS
Exploits6
Schneier on Security
Schneier on Security
added 2026/03/02 12:5 p.m.10 views

LLM-Assisted Deanonymization

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/02/16 9:47 a.m.32 views

CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.11 views

PT-2026-7727

Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17 Description Issues in the My Account and User Management components allow for access escalation. A user with low privileges can gain access to other accounts by manipulating the client’s user ID to modi...

8.8CVSS5.4AI score0.00232EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/15 6:17 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the login UI process. An attacker can determine the existence of valid user accounts by submitting arbitrary userIDs and observing the system's response. This can be achieved by iterating through potential userI...

6.9CVSS5.8AI score0.00362EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:38 a.m.9 views

CVE-1999-0169

NFS allows attackers to read and write any file on the system by specifying a false UID...

10CVSS6.8AI score0.01957EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/15 3:30 p.m.6 views

EUVD-2025-203372

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...

6.5AI score0.00299EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/09 9:31 p.m.9 views

EUVD-2021-34728

IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information...

6.9CVSS6.3AI score0.00313EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2025/11/05 12:0 a.m.9 views

Smartphone User Fingerprinting on Wireless Traffic

Due to the openness of the wireless medium, smartphone users are susceptible to user privacy attacks, where user privacy information is inferred from encrypted Wi-Fi wireless traffic. Existing attacks are limited to recognizing mobile apps and their actions and cannot infer the smartphone user...

6.5AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18678

Malware in sbrugna...

5.1CVSS5.5AI score0.00344EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-3717

Malware in sbrugna...

5CVSS6.4AI score0.01196EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-1999-0491

Malware in sbrugna...

10CVSS6.4AI score0.0919EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2001-1486

Malware in sbrugna...

4.6CVSS6.4AI score0.00482EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-1999-0837

Malware in sbrugna...

5CVSS6.4AI score0.01038EPSS
Exploits0References2
Rows per page
Query Builder