Lucene search
+L

489 matches found

CVE
CVE
added 5 days ago8 views

CVE-2026-15429

CVE-2026-15429 describes a privilege escalation in the HTTP authentication component of the Archer VX1800v (v1). The vulnerability results from improper handling of user-controlled input, enabling newline character injection into internally constructed configuration data. An authenticated user wi...

5.1CVSS6AI score0.00394EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-15429 Privilege Escalation via Improper Input Sanitization in TP-Link Archer VX1800v

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be abl...

5.1CVSS0.00394EPSS
Exploits0References2
CVE
CVE
added 5 days ago8 views

CVE-2026-10714

The CVE-2026-10714 issue affects FactoryTalk Services Platform (FTSP) . It hinges on a JWT validation bypass where the application does not verify that the JWT algorithm is configured for RSA, allowing an attacker to set the algorithm to "none" and forge tokens. This could enable an authenticated...

8.8CVSS6.1AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 7:57 p.m.15 views

CVE-2026-55377

Technical details about CVE-2026-55377 are not publicly available in the provided documents. Monitor for updates.

8.1CVSS6.1AI score0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 7:57 p.m.3 views

CVE-2026-55377 Logto: Account Center MFA management step-up bypass via WebAuthn registration verification

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS6.1AI score0.00259EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/07/06 4:28 p.m.24 views

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 CVSS score: 9.8, a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header...

9.8CVSS7.2AI score0.00783EPSS
Exploits5
Snyk
Snyk
added 2026/07/03 10:20 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits5References2
Snyk
Snyk
added 2026/07/03 10:20 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits5References2
Snyk
Snyk
added 2026/07/03 10:20 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits5References2
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.8 views

Chromium: CVE-2026-14074 Side-channel information leakage in WebAuthentication

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.9AI score0.00276EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.44 views

CVE-2026-11883 WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request...

0.00365EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.49 views

CVE-2026-7839 UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS0.00374EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.11 views

EUVD-2026-40575

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00296EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.19 views

PT-2026-54479

Name of the Vulnerable Software and Affected Versions UltraVNC repeater versions prior to 1.8.2.3 Description An off-by-one error exists in the Base64 decode helper used for HTTP Basic authentication. The wi uudecode function in the file repeater/webgui/webutils.c uses a strict greater-than...

3.7CVSS6.1AI score0.00388EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.5 views

DEBIAN-CVE-2026-13889

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.5 views

DEBIAN-CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.8 views

CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00276EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.28 views

CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00276EPSS
Exploits0References2
Rows per page
Query Builder