Lucene search
K

122 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-59099

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6AI score0.00356EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-55299

Name of the Vulnerable Software and Affected Versions Apereo CAS versions 7.3.0 through 8.0.0-RC5 Description A cryptographic issue allows remote unauthenticated attackers to recover plaintext conversation state. This occurs because the system reuses the AES-GCM initialization vector IV across th...

9.3CVSS6.2AI score0.00356EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: cryptacular (UTSA-2026-016656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016656 advisory. CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode...

7.5CVSS6.9AI score0.03334EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/03/23 12:0 a.m.12 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC2), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC2) +3 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-22739 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-15762281...

8.6CVSS5.8AI score0.0122EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-1832

Malware in sbrugna...

7.5CVSS7.5AI score0.01204EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2025-12431

Malicious code in bioql PyPI...

5CVSS5.2AI score0.00394EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12426

Malicious code in bioql PyPI...

5.3CVSS4.7AI score0.00516EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-33684

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00349EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3859

Malicious code in bioql PyPI...

8.1CVSS8AI score0.01751EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12427

Malicious code in bioql PyPI...

5.1CVSS3.9AI score0.00522EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-54465

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00941EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2624

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00503EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-33685

Malicious code in bioql PyPI...

8.1CVSS4.8AI score0.00741EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-33686

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00603EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.7 views

CVE-2024-11208

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitati...

8.1CVSS6.7AI score0.00741EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:1 a.m.6 views

CVE-2024-11207

A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirecturi leads to open redirect. The attack can be launched remotely. The exploit has been disclosed t...

5.3CVSS6.7AI score0.00349EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.6 views

CVE-2024-11209

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

9.8CVSS6.7AI score0.00603EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.4 views

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

7.5CVSS7AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:49 p.m.11 views

CVE-2021-42567

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...

6.1CVSS5.8AI score0.08064EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.9 views

CVE-2020-27178

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...

7.5CVSS6.9AI score0.01204EPSS
Exploits0
Rows per page
Query Builder