Lucene search
+L

47 matches found

Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.10 views

PT-2026-36114

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description When the software is started with the --features-disabled=account,account-api flag, the Account REST API is only partially disabled. Five endpoints under the versioned path "/account/v1alpha...

5.4CVSS5.3AI score0.00232EPSS
Exploits0References15
Zero Day Initiative
Zero Day Initiative
added 2026/04/27 12:0 a.m.10 views

Flowise AccountService resetPassword Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetPassword method of the AccountService class. The issue results from improper...

8.1CVSS5.7AI score0.0687EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 7:49 p.m.37 views

CVE-2026-41276 Flowise: AccountService resetPassword Authentication Bypass Vulnerability

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific...

7.7CVSS0.0687EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/23 7:49 p.m.4 views

CVE-2026-41276 Flowise: AccountService resetPassword Authentication Bypass Vulnerability

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific...

7.7CVSS5.6AI score0.0687EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/16 9:55 p.m.10 views

Flowise: resetPassword Authentication Bypass Vulnerability

ZDI-CAN-28762: Flowise AccountService resetPassword Authentication Bypass Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: Flowise - Flowise -- VULNERABILITY DETAILS...

9.8CVSS5.9AI score0.0687EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/16 9:55 p.m.9 views

GHSA-F6HC-C5JR-878P Flowise: resetPassword Authentication Bypass Vulnerability

ZDI-CAN-28762: Flowise AccountService resetPassword Authentication Bypass Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: Flowise - Flowise -- VULNERABILITY DETAILS...

9.8CVSS5.9AI score0.0687EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/16 9:53 p.m.8 views

Cleartext Transmission of Sensitive Information

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information through the AccountService in account.service.ts. An attacker can cause password reset, verification, registration, and invite emails to contain http:// links...

7.5CVSS5.7AI score0.00192EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24745

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the Account REST API of Keycloak that allows a user authenticated with a lower security level to perform sensitive actions intended only for higher-assurance sessions. An...

4.2CVSS5.9AI score0.00251EPSS
Exploits0References12
EUVD
EUVD
added 2026/03/06 5:40 p.m.13 views

EUVD-2026-10055

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...

6.9CVSS5.7AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Rocket.Chat 安全漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from the direct embedding of MongoDB query selectors into user inputs in the account...

6.9CVSS5.8AI score0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23738

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 7.10.8 Rocket.Chat versions prior to 7.11.5 Rocket.Chat versions prior to 7.12.5 Rocket.Chat versions prior to 7.13.4 Rocket.Chat versions prior to 8.0.2 Rocket.Chat versions prior to 8.1.1 Rocket.Chat versions...

6.9CVSS5.8AI score0.00268EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/05 9:58 p.m.16 views

Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint

Summary The /api/v1/account/forgot-password endpoint returns the full user object including PII id, name, email, status, timestamps in the response body instead of a generic success message. This exposes sensitive user information to unauthenticated attackers who only need to know a valid email...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/05 9:58 p.m.5 views

GHSA-JC5M-WRP2-QQ38 Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint

Summary The /api/v1/account/forgot-password endpoint returns the full user object including PII id, name, email, status, timestamps in the response body instead of a generic success message. This exposes sensitive user information to unauthenticated attackers who only need to know a valid email...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3825

Malware in sbrugna...

7.8CVSS7.7AI score0.00317EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/13 1:46 a.m.5 views

CVE-2025-24868

The User Account and Authentication service UAA for SAP HANA extended application services, advanced model SAP HANA XS advanced model allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirec...

7.1CVSS6.8AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.7 views

Ubuntu 资源管理错误漏洞

Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. Ubuntu suffers from a security vulnerability that stems from the Account Service incorrectly handling certain messages, which can be exploited by a local attacker to cause a...

8.1CVSS7.8AI score0.0033EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.3 views

SUSE CVE-2012-6655

An issue exists AccountService 0.6.37 in the userchangepasswordauthorizedcb function in user.c which could let a local users obtain encrypted passwords...

3.3CVSS6.6AI score0.00448EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.1 views

SUSE CVE-2020-16125

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu and potentially derivatives this could be be chained with an additional issue that could allow a local user to create a new privileged...

7.8CVSS6.6AI score0.01109EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2021/05/18 2:2 p.m.6 views

gdm: inability to timely contact accountservice via dbus leads gnome-initial-setup to creation of account with admin privileges

A vulnerability was found in GDM. If gdm can't contact the AccountService service via DBus in a timely manner it would default to assume there are no existing users and would allow the attacker to create a new user with high privileges...

7.2CVSS5.7AI score0.01109EPSS
Exploits1References5
OSV
OSV
added 2020/11/03 12:0 a.m.5 views

UBUNTU-CVE-2020-16125

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu and potentially derivatives this could be be chained with an additional issue that could allow a local user to create a new privileged...

7.2CVSS7.3AI score0.01109EPSS
Exploits1References3
Rows per page
Query Builder