Nuclei
added 18 hours ago, 83 views

OpenAM<=15.0.3 FreeMarker - Template Injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. id: CVE-2024-41667 info: name: OpenAM <= 15.0.3 FreeMarker - Template Injection...

CVSS 8.8, AI score 7.3, EPSS 0.03536
Exploits: 0, References: 4
CVE
added yesterday, 4 views

CVE-2026-53188

Technical details are not publicly available in the provided documents. Monitor for updates.

AI score 5.8, EPSS 0.00173
Exploits: 0, References: 3
Snyk
added 5 days ago, 5 views

Insufficient Session Expiration

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Insufficient Session Expiration in the authenticate_user function. An attacker can gain unauthorized access or maintain access to sensitive information by exploiting session...

CVSS 7.1, AI score 6.6, EPSS 0.00262
Exploits: 1, References: 2
ATTACKERKB
added 5 days ago, 6 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

CVSS 6.5, AI score 6.2, EPSS 0.00262
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 5 days ago, 7 views

EUVD-2026-38138

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

CVSS 6.5, AI score 6.2, EPSS 0.00262
Exploits: 1, References: 5
Cvelist
added 5 days ago, 37 views

CVE-2026-12772 BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

CVSS 6.5, EPSS 0.00262
Exploits: 1, References: 5
Cvelist
added 2026/06/17 9:48 p.m., 19 views

CVE-2026-12566 SSRF via unvalidated WWW-Authenticate realm in docker_pull module

The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication reques...

CVSS 3.1, EPSS 0.00167
Exploits: 0, References: 1
Positive Technologies
added 2026/06/17 12:00 a.m., 9 views

PT-2026-50561

Name of the Vulnerable Software and Affected Versions: bbot, affected versions not specified. Description: The docker pull module fails to validate the realm parameter received from a Docker registry's WWW-Authenticate response header when using it as the authentication endpoint. A man-in-the-middle...

CVSS 3.1, AI score 5.4, EPSS 0.00167
Exploits: 0, References: 2
Vulnrichment
added 2026/06/12 8:58 a.m., 8 views

CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return (CR) and Line Feed (LF) characters. If an attacker can control the realm value, they can injec...

AI score 5.4, EPSS 0.00404
Exploits: 0, References: 1
EUVD
added 2026/06/12 8:58 a.m., 9 views

EUVD-2026-36398

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return (CR) and Line Feed (LF) characters. If an attacker can control the realm value, they can injec...

CVSS 6.5, AI score 5.4, EPSS 0.00404
Exploits: 0, References: 1
Positive Technologies
added 2026/06/12 12:00 a.m., 9 views

PT-2026-48849

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return (CR) and Line Feed (LF) characters. If an attacker can control the realm value, they can injec...

AI score 5.4, EPSS 0.00404
Exploits: 0, References: 3
Tenable Nessus
added 2026/06/12 12:00 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-9742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When OIDC authentication is enabled in configuration, clients may set specific values in the mechanism parameter of the authenticate command that lead to server...

CVSS 8.2, AI score 5.9, EPSS 0.00347
Exploits: 0, References: 2
RedhatCVE
added 2026/06/11 2:59 a.m., 9 views

CVE-2026-9742

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVSS 8.2, AI score 5.5, EPSS 0.00347
Exploits: 0, References: 1
EUVD
added 2026/06/10 12:31 a.m., 16 views

EUVD-2026-35860

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVSS 8.2, AI score 5.5, EPSS 0.00347
Exploits: 0, References: 2
OSV
added 2026/06/09 11:17 p.m., 4 views

UBUNTU-CVE-2026-9742

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVSS 8.2, AI score 5.3, EPSS 0.00347
Exploits: 0, References: 3
Vulnrichment
added 2026/06/09 9:57 p.m., 5 views

CVE-2026-9742 Authenticate command with specific mechanism parameter can trigger server crash

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVSS 8.2, AI score 5.5, EPSS 0.00347
Exploits: 0, References: 1
CVE
added 2026/06/09 9:57 p.m., 18 views

CVE-2026-9742

The CVE-2026-9742 entry describes a vulnerability in MongoDB where, when OIDC authentication is enabled, a crafted value in the mechanism parameter of the authenticate command can crash the server. The authenticate command is reachable by unauthenticated clients, enabling pre-auth denial-of-servi...

CVSS 8.2, AI score 5.5, EPSS 0.00347
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/06/09 9:57 p.m., 34 views

CVE-2026-9742 Authenticate command with specific mechanism parameter can trigger server crash

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVSS 8.2, EPSS 0.00347
Exploits: 0, References: 1
MongoDB
added 2026/06/09 9:57 p.m., 8 views

Authenticate command with specific mechanism parameter can trigger server crash

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVSS 8.2, AI score 5.5, EPSS 0.00347
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/06/09 12:00 a.m., 12 views

PT-2026-48290

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined, affected versions not specified. Description: When OIDC (OpenID Connect, an identity layer on top of the OAuth 2.0 protocol) authentication is enabled in the configuration, unauthenticated clients can cause a...

CVSS 8.2, AI score 5.4, EPSS 0.00347
Exploits: 0, References: 8