CVE-2020-26896 Vulnerability Analysis & Exploit Details

Status: Analyzed - Last modified: 05 Nov 2020, 15:43 UTC Published: 21 Oct 2020, 02:15 UTC

CVE-2020-26896
Vulnerability Scoring

8.2
/10

Attack Complexity Details

  • Attack Complexity: Low Impact
  • Attack Vector: NETWORK
  • Privileges Required: None
  • Scope: UNCHANGED
  • User Interaction: NONE

CIA Impact Definition

  • Confidentiality: Low Impact
  • Integrity: HIGH IMPACT
  • Availability:

CVE-2020-26896 Vulnerability Summary

Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy.

Access Complexity Graph

Above is the Access Complexity Graph for CVE-2020-26896. It helps visualize the difficulty level and privilege requirements needed to exploit this vulnerability, providing a quick assessment of its exploitation feasibility.

CVSS Score Breakdown Chart

Above is the CVSS Sub-score Breakdown for CVE-2020-26896, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.

Impact Analysis

Below is the Impact Analysis for CVE-2020-26896, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.114% (probability of exploit)

EPSS Percentile: 46.58% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 53.42% of others.

CVE-2020-26896 Detailed Information and External References

References

CWE

CWE-354

CAPEC

  • Checksum Spoofing CAPEC-145 An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.
  • Padding Oracle Crypto Attack CAPEC-463 An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
  • Manipulating Writeable Configuration Files CAPEC-75 Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

Vulnerable Configurations

  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:-:*:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:-:*:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1.1:alpha:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1:alpha:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2.1:alpha:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2:alpha:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.2:alpha:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.3:alpha:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.3:alpha:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.1:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.2:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc4:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.1:beta_rc4:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.2:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.5:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.0:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6.1:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc4:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.6:beta_rc4:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.0:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.7.1:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.0:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.1:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.8.2:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc4:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.0:beta_rc4:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.1:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.2:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.9.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc4:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc4:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc5:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc5:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc6:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.0:beta_rc6:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.1:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta_rc4:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.2:beta_rc4:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.3:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.3:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.3:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.4:beta:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.10.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:-:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:-:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc1:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc1:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc2:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc2:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc3:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc3:*:*:*:*:*:*
  • cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc4:*:*:*:*:*:*
    cpe:2.3:a:lightning_network_daemon_project:lightning_network_daemon:0.11.0:beta_rc4:*:*:*:*:*:*

CVSS3 Source

nvd@nist.gov

CVSS3 Type

Primary

CVSS3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Protect Your Infrastructure: Combat Critical CVE Threats

Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.

Other Recently Published CVEs

  • CVE-2025-1392 – A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality o...
  • CVE-2024-13879 – The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient valida...
  • CVE-2025-21103 – Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server...
  • CVE-2025-1391 – A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or emai...
  • CVE-2025-26778 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS. This issu...
  • CVE-2025-26775 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS. This issue...
  • CVE-2025-26773 – Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ...
  • CVE-2025-26772 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Store...
  • CVE-2025-26771 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Pag...
  • CVE-2025-26770 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue aff...