PULSE
EN VIVO9señales / 24h
FEED
ransomqilin reclama a Don Tortaco Mexican Grill · US · Hospitality and Tourismransomqilin reclama a Associated Theatrical Contractors · US · Business Servicesransompayload reclama a CKR Consulting Engineers · Business Servicesransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a Famesa · PE · Agriculture and Food Productionransomkrybit reclama a euroins.bg · BG · Financial Servicesransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Servicesransomqilin reclama a Don Tortaco Mexican Grill · US · Hospitality and Tourismransomqilin reclama a Associated Theatrical Contractors · US · Business Servicesransompayload reclama a CKR Consulting Engineers · Business Servicesransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a Famesa · PE · Agriculture and Food Productionransomkrybit reclama a euroins.bg · BG · Financial Servicesransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Services
← Todos los CVEs
CVE Watch13 jul 2026

CVE-2026-22096

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwor

CVSS

Sin CVSS

EPSS

0.4%

p34

KEV

Exploit Today

10

0-100

Publicado: 13 jul 2026 · Última mod.: 13 jul 2026 · CWE-306

EPSS · 30d
0.4%EPSS · 30 días0.4%
2026-07-132026-07-19
Descripción técnica

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-32489.8 CRÍ
100.0%
KEV80Langflow Missing Authentication Vulnerability5d
CVE-2024-116809.8 CRÍ
99.8%
KEV80ProjectSend Improper Authentication Vulnerability5d
CVE-2026-561645.3 MED
92.0%
KEV78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability5d
CVE-2026-468179.8 CRÍ
60.3%
KEV68Oracle E-Business Suite Improper Privilege Management Vulnerability4d
CVE-2022-245629.8 CRÍ
98.9%
30In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.11d
CVE-2026-411769.8 CRÍ
98.2%
29Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.5d