43 matches found
CVE-2026-41070
openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle OIDC-based single sign-on (SSO) auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode (shared library loaded by OpenVPN via the plugin...
openvpn-auth-oauth2 Authorization Issue Vulnerability
OpenVPN-Auth-OAuth2 is a single sign-on authentication integration tool developed by Jan-Otto Kröpke. In versions 1.26.3 to 1.27.3 of OpenVPN-Auth-OAuth2, there were authorization-related vulnerabilities. These vulnerabilities occurred when clients did not support WebAuth/SSO in...
PT-2026-34452
Name of the Vulnerable Software and Affected Versions: openvpn-auth-oauth2 versions 1.26.3 through 1.27.2 Description: An authentication bypass exists when the software is deployed in experimental plugin mode. Clients that do not support WebAuth/SSO are incorrectly granted full network access witho...
PT-2026-34525
Summary: When openvpn-auth-oauth2 is deployed in the experimental plugin mode (shared library loaded by OpenVPN via the plugin directive), clients that do not support WebAuth/SSO (e.g., the openvpn CLI on Linux) are incorrectly admitted to the VPN despite being denied by the authentication logic. The...
Juniper JunOS 23.4 Module Scanner / Exploitation Framework
This PHP script is a modular scanner and exploitation framework targeting Juniper JunOS CVE‑2023‑36846, an arbitrary file upload vulnerability due to missing authentication. It is designed with a clear separation of responsibilities and supports single‑target testing, interactive exploitation, a...
EUVD-2013-2076
Malware in sbrugna...
EUVD-2012-0406
Malware in sbrugna...
EUVD-2009-2932
Malware in sbrugna...
VulnCheck KEV: CVE-2024-21620
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's...
CVE-2013-2106
webauth before 4.6.1 has authentication credential disclosure...
CVE-2009-2945
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-serve...
PT-2024-5665 · Tenda · Tenda I22
Name of the Vulnerable Software and Affected Versions: Tenda i22 version 1.0.0.34687 Description: The issue is related to a buffer overflow in the formApPortalWebAuth function due to lack of input size validation. This can be exploited by a remote attacker to impact the confidentiality, integrity...
VulnCheck KEV: CVE-2023-36851
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication,...
grafana: Escalation from admin to server admin when auth proxy is used
A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with thi...
CVE-2022-35957
A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with thi...
OPENSUSE-SU-2020:1652-1 Security update for nextcloud
This update for nextcloud fixes the following issues: nextcloud version 20.0.0 fixes some security issues: - NC-SA-2020-037 PIN for passwordless WebAuthn is asked for but not verified - NC-SA-2020-033 CVE-2020-8228 Missing rate limit on signup page - NC-SA-2020-029 CVE-2020-8233, boo1177346...
Design/Logic Flaw
webauth before 4.6.1 has authentication credential disclosure...