Lucene search

405 matches found

Cvelist
added 2026/06/25 8:38 p.m. | 20 views

CVE-2026-12473 OHIF Viewers DICOM Server-Side request forgery

Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3 CVSS | 0.00232 EPSS
Exploits 0 | References 2

EUVD
added 2026/06/25 8:38 p.m. | 5 views

EUVD-2026-39561

Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3 CVSS | 6 AI score | 0.00232 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/06/24 12:00 a.m. | 6 views

PT-2026-52093

🚨 CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOn...

9.1 CVSS | 5.8 AI score | 0.00289 EPSS
Exploits 0 | References 4

CVE
added 2026/06/19 1:16 p.m. | 11 views

CVE-2026-48895

CVE-2026-48895 describes an open redirect in Apache APISIX (affected versions 3.0.0–3.16.0). The issue allows manipulation of certain client headers to redirect to an untrusted site, with potential exposure of session tokens. The advisory recommends upgrading to version 3.17.0, which contains the...

7.2 CVSS | 5.8 AI score | 0.00409 EPSS
Exploits 0 | References 2 | Affected Software 1

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in Munge

MUNGE is an authentication service for creating and validating user credentials. From version 0.5 to 0.5.17, local attackers could exploit a buffer overflow vulnerability in MUNGE the authentication daemon to leak cryptographic key material from process memory. With the leaked key material,...

7.8 CVSS | 7.7 AI score | 0.00302 EPSS
Exploits 0 | References 2

EUVD
added 2026/06/09 11:00 p.m. | 9 views

EUVD-2026-35871

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6 CVSS | 5.5 AI score | 0.00422 EPSS
Exploits 0 | References 3

RedhatCVE
added 2026/06/05 7:38 p.m. | 8 views

CVE-2026-34087

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...

7.5 CVSS | 5.4 AI score | 0.00267 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/06/04 1:40 a.m. | 8 views

CVE-2026-41860

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

8.8 CVSS | 5.8 AI score | 0.00074 EPSS
Exploits 0 | References 1

Github Security Blog
added 2026/05/27 9:11 p.m. | 16 views

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trusted_hosts setting is not configured (the default). An attacker who controls any other application registered with the same CAS server...

5.8 AI score | 0.00064 EPSS
Exploits 0 | References 6 | Affected Software 2

Packet Storm News
added 2026/05/25 12:00 a.m. | 14 views

CVE-2026-0265 Vulnerability Assessment Tool

CVE-2026-0265 is a remote authentication bypass affecting PAN-OS and Panorama that triggers when an authentication profile uses Cloud Authentication Service (CAS). This tool safely detects whether an instance is vulnerable without authenticating any session or modifying any state...

9.2 CVSS | 5.8 AI score | 0.0044 EPSS
Exploits 3

GithubExploit
added 2026/05/20 8:12 p.m. | 107 views

Exploit for CVE-2026-0265

CVE-2026-0265 Vulnerability Assessment Tool Safely detect whe...

9.2 CVSS | 6 AI score | 0.0044 EPSS
Exploits 3

GithubExploit
added 2026/05/17 1:31 a.m. | 157 views

Exploit for CVE-2026-0265

CVE-2026-0265 Risk Checker for Palo Alto PAN-OS A Python script...

9.2 CVSS | 5.9 AI score | 0.0044 EPSS
Exploits 3

RedhatCVE
added 2026/05/14 7:58 p.m. | 10 views

CVE-2026-0265

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

9.2 CVSS | 5.8 AI score | 0.0044 EPSS
Exploits 3 | References 1

Rapid7 Blog
added 2026/05/14 7:15 p.m. | 10 views

CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS

Overview: On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a remote unauthenticate...

9.2 CVSS | 5.8 AI score | 0.0044 EPSS
Exploits 3

EUVD
added 2026/05/13 6:30 p.m. | 9 views

EUVD-2026-30066

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

9.2 CVSS | 5.8 AI score | 0.0044 EPSS
Exploits 3 | References 2

NVD
added 2026/05/13 6:16 p.m. | 11 views

CVE-2026-0265

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

9.2 CVSS | 0.0044 EPSS
Exploits 3 | References 2

Cvelist
added 2026/05/13 5:38 p.m. | 39 views

CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

9.2 CVSS | 0.0044 EPSS
Exploits 3 | References 1

Vulnrichment
added 2026/05/13 5:38 p.m. | 8 views

CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

9.2 CVSS | 5.8 AI score | 0.0044 EPSS
Exploits 3 | References 1

ATTACKERKB
added 2026/05/13 5:38 p.m. | 8 views

CVE-2026-0265

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

9.2 CVSS | 5.8 AI score | 0.0044 EPSS
Exploits 3 | References 2 | Affected Software 1

CVE
added 2026/05/13 5:38 p.m. | 31 views

CVE-2026-0265

PAN-OS contains an authentication bypass vulnerability (CVE-2026-0265) when Cloud Authentication Service (CAS) is enabled. An unauthenticated attacker with network access can bypass authentication controls on affected PAN-OS platforms, including PA-Series/VM-Series firewalls and Panorama (virtual...

9.2 CVSS | 5.8 AI score | 0.0044 EPSS
Exploits 3 | References 2