
470 matches found

Fedora
added 2025/09/23 12:16 a.m., 8 views

[SECURITY] Fedora 43 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc43

This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported...

CVSS 8.6, AI score 7.2, EPSS 0.00388
Exploits: 0

OSV
added 2025/09/16 1:15 p.m., 0 views

UBUNTU-CVE-2025-10530

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox 143 and Thunderbird 143...

CVSS 6.5, AI score 5.8, EPSS 0.00275
Exploits: 0, References: 6

CNNVD
added 2025/09/16 12:0 a.m., 5 views

Mozilla Firefox and Mozilla Thunderbird Security Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A spoofing vulnerability exists in several Mozilla products and is caused by an...

CVSS 6.5, AI score 6.3, EPSS 0.00275
Exploits: 0, References: 3

Cvelist
added 2025/09/09 12:0 a.m., 11 views

CVE-2025-57540

A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page,...

EPSS 0.00267
Exploits: 1, References: 3

Positive Technologies
added 2025/09/09 12:0 a.m., 6 views

PT-2025-36794

Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment version 8.4. Description: A stored cross-site scripting (XSS) issue exists in the WebAuthn Relying Party field within the Datacenter configuration. Authenticated users can inject JavaScript code that is later executed...

CVSS 5.4, AI score 5.5, EPSS 0.00267
Exploits: 1, References: 6

CNVD
added 2025/09/09 12:0 a.m., 3 views

Cisco NX-OS Software Operating System Command Injection Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco. Cisco NX-OS Software suffers from an operating system command injection vulnerability that stems from insufficient user input validation, which can be exploited by an...

CVSS 4.4, AI score 5.8, EPSS 0.03221
Exploits: 0, References: 1

Positive Technologies
added 2025/09/02 12:0 a.m., 4 views

PT-2025-35518

Name of the Vulnerable Software and Affected Versions: ESPHome versions 2025.8.0. Description: ESPHome’s web server authentication check on the ESP-IDF platform can incorrectly pass when the client-supplied base64-encoded Authorization value is empty or a substring of the correct value. This allows...

CVSS 8.1, AI score 6.5, EPSS 0.01514
Exploits: 1, References: 15

RedhatCVE
added 2025/09/01 2:16 p.m., 4 views

CVE-2009-20009

Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before...

CVSS 9.3, AI score 8.6, EPSS 0.01532
Exploits: 0, References: 1

CNVD
added 2025/08/26 12:0 a.m., 3 views

Tenda AC6 Authentication Bypass Vulnerability

Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. The Tenda AC6 suffers from an authentication bypass vulnerability, which stems from a bypass problem in the...

CVSS 9.8, AI score 7.9, EPSS 0.01985
Exploits: 0, References: 1

RedhatCVE
added 2025/08/22 1:22 p.m., 14 views

CVE-2025-27129

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...

CVSS 9.8, AI score 7.3, EPSS 0.01985
Exploits: 0, References: 1

NVD
added 2025/08/20 2:15 p.m., 8 views

CVE-2025-27129

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...

CVSS 9.8, EPSS 0.01985
Exploits: 0, References: 2

OSV
added 2025/08/20 2:15 p.m., 5 views

CVE-2025-27129

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...

CVSS 9.8, AI score 6, EPSS 0.01985
Exploits: 0, References: 2

Cvelist
added 2025/08/20 1:9 p.m., 7 views

CVE-2025-27129

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...

CVSS 9.8, EPSS 0.01985
Exploits: 0, References: 1

CVE
added 2025/08/20 1:9 p.m., 20 views

CVE-2025-27129

CVE-2025-27129 affects Tenda AC6 V5.0 V02.03.01.110. Cisco Talos details an HTTP authentication bypass where an attacker can bypass auth by manipulating the request (notably via a crafted Host header), leading to arbitrary code execution. The vulnerability is triggered through the HTTP authenticat...

CVSS 9.8, AI score 8, EPSS 0.01985
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/08/20 1:9 p.m., 4 views

CVE-2025-27129

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...

CVSS 9.8, AI score 8, EPSS 0.01985
Exploits: 0, References: 1

Talos
added 2025/08/20 12:0 a.m., 9 views

Tenda AC6 V5.0 HTTP authentication bypass vulnerability

Talos Vulnerability Report TALOS-2025-2165 Tenda AC6 V5.0 HTTP authentication bypass vulnerability August 20, 2025 CVE Number CVE-2025-27129 SUMMARY An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP...

CVSS 9.8, AI score 7.5, EPSS 0.01985
Exploits: 0

Vulnrichment
added 2025/08/13 12:0 a.m., 3 views

CVE-2025-51451

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm...

AI score 7.3, EPSS 0.0041
Exploits: 0, References: 3

OpenVAS
added 2025/08/05 12:0 a.m., 6 views

Discourse < 3.4.7 Improper Authentication Vulnerability

Discourse is prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8, AI score 5.8, EPSS 0.00451
Exploits: 0, References: 1

Packet Storm News
added 2025/07/11 12:0 a.m., 4 views

SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH

We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the user and offer strong security guarantees. Passwords rema...

AI score 7.4
Exploits: 0

OSV
added 2025/06/24 1:15 p.m., 3 views

CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 3