Lucene search
25 matches found

ATTACKERKB
added 2026/05/28 4:37 a.m., 9 views

CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication (CIBA) flow to bypass this...

CVSS 4.3, AI score 5.7, EPSS 0.00206
Exploits 0, References 3
Github Security Blog
added 2026/05/04 8:11 p.m., 10 views

Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

The fix for CVE-2026-31892 (commit 534f4ff) blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...

CVSS 9.9, AI score 7.3, EPSS 0.00424
Exploits 2, References 8, Affected Software 2
RedhatCVE
added 2026/03/26 3:00 p.m., 6 views

CVE-2026-33316

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja's password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user's status to StatusActive after a successful password reset without...

CVSS 8.1, AI score 5.8, EPSS 0.00363
Exploits 1, References 1
Positive Technologies
added 2026/03/06 12:00 a.m., 7 views

PT-2026-23735

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 7.8.6; Rocket.Chat versions prior to 7.9.8; Rocket.Chat versions prior to 7.10.7; Rocket.Chat versions prior to 7.11.4; Rocket.Chat versions prior to 7.12.4; Rocket.Chat versions prior to 7.13.3; Rocket.Chat versions...

CVSS 9.3, AI score 5.9, EPSS 0.00498
Exploits 0, References 13
SUSE CVE
added 2026/03/05 6:55 a.m., 4 views

SUSE CVE-2025-64175

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs' 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim's username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 8.8, AI score 5.8, EPSS 0.00424
Exploits 0, References 3
RedhatCVE
added 2026/02/07 7:30 p.m., 5 views

CVE-2025-64175

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs' 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim's username and password, they can use any unused recovery code (e.g., from their own account) to...

CVSS 8.8, AI score 5.4, EPSS 0.00424
Exploits 0, References 1
CVE
added 2026/02/06 5:41 p.m., 15 views

CVE-2025-64175

Gogs 2FA bypass CVE-2025-64175 affects version 0.13.3 and earlier. Root cause: the UseRecoveryCode check does not scope recovery codes by user, performing a global lookup for any unused code and ignoring the authenticating user's ID. Exploitation requires victim credentials, after which an attack...

CVSS 8.8, AI score 5.5, EPSS 0.00424
Exploits 0, References 1, Affected Software 1
CNNVD
added 2026/02/06 12:00 a.m., 7 views

Gogs Security Vulnerability

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier have security vulnerabilities. Thes...

CVSS 8.8, AI score 6.1, EPSS 0.00424
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2013-0288

Malware in sbrugna...

CVSS 6.8, AI score 6.1, EPSS 0.01394
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-23676

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00723
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-17135

Malware in sbrugna...

CVSS 4.6, AI score 4.9, EPSS 0.00224
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2013-0554

Malware in sbrugna...

CVSS 6.8, AI score 8.9, EPSS 0.02532
Exploits 0, References 4
RedhatCVE
added 2025/05/22 8:46 a.m., 8 views

CVE-2019-6633

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions...

CVSS 4.4, AI score 7, EPSS 0.00347
Exploits 0, References 1
Code423n4
added 2022/04/13 12:00 a.m., 12 views

!_account.isContract() can be bypassed

Lines of code / Vulnerability details / Impact: A contract in construction can bypass isContract to call deposit and withdraw functions in vaults/yVault/yVault.sol, farming/LPFarming.sol, and farming/yVaultLPFarming.sol. Also, Block contracts may cause DoS if someone uses multisig contracts as a calle...

AI score 6.9
Exploits 0
Hacker One
added 2022/02/24 4:34 a.m., 31 views

UPS VDP: Admin Authentication Bypass Lead to Admin Account Takeover

Hello Team, I found that I can bypass the login page of the Admin account by intercepting the response of the login request of the connectnb.ups.com subdomain and changing status from false to true. Steps To Reproduce: 1. Open https://connectnb.ups.com/Layout/login 2. Enter Admin as a Username and 1111 as...

AI score 0.1
Exploits 0
OSV
added 2021/12/07 5:15 p.m., 0 views

CVE-2021-37100

There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication being bypassed...

CVSS 7.5, AI score 5.8
Exploits 0, References 1
Cvelist
added 2021/12/07 4:06 p.m., 13 views

CVE-2021-37100

There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication being bypassed...

AI score 7.9, EPSS 0.00723
Exploits 0, References 1
Packet Storm
added 2021/11/02 12:00 a.m., 311 views

i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw

i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw. Vendor: i3 International Inc. Product web page: https://www.i3international.com. Affected version: V5.2.0 build 150317 Ax46; V5.0.9 build 151106 Ax68; V5.0.9 build 150615 Ax78. Summary: The Annexxus camera 6MP provides 4 simultaneous...

AI score 7.1
Exploits 0
BDU FSTEC
added 2020/11/02 12:00 a.m., 4 views

A vulnerability in the MediaWiki hypertext environment software, related to deficiencies in the authentication process, allows an attacker to bypass the account lockout implemented by CentralAuth.

The vulnerability in the MediaWiki hypertext environment software is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to bypass the lockout mechanism for the CentralAuth account...

CVSS 6.8, AI score 6.2, EPSS 0.01932
Exploits 1, References 6, Affected Software 3
CNVD
added 2020/03/18 12:00 a.m., 2 views

cPanel Feature and Demo Account Restriction Bypass Vulnerability

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 84.0.20. An attacker could exploit the vulnerability to...

CVSS 5.3, AI score 6.7, EPSS 0.00836
Exploits 0, References 1