Lucene search
K

6 matches found

Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-54784 CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...

7.4CVSS0.00175EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/27 5:58 a.m.6 views

Information Disclosure

angular/common is vulnerable to information disclosure. The vulnerability is due to the HttpTransferCache utility failing to consider the withCredentials flag and Cookie header when caching HTTP responses during Server-Side Rendering SSR with hydration enabled, which allows an attacker to obtain...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/03/09 6:16 p.m.5 views

CVE-2026-29023

Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instanc...

7.3CVSS0.00243EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/10 11:18 p.m.3 views

CVE-2025-67511 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

Cybersecurity AI CAI is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the runsshcommandwithcredentials function, which is available to AI agents. Only password and command...

9.6CVSS7.1AI score0.01831EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.8 views

Generex UPS Adapter CS141 Improper Link Resolution Before File Access (CVE-2022-47188)

There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. This plugin only works with Tenable.ot...

7.5CVSS8AI score0.00914EPSS
Exploits0References4
OSV
OSV
added 2023/01/05 7:15 a.m.5 views

CVE-2022-43528

Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConne...

6.5CVSS5.8AI score0.00368EPSS
Exploits0References1
Rows per page
Query Builder