190 matches found
CVE-2023-50770
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining...
CVE-2023-40343
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token...
Oracle Linux 7 : sssd (ELSA-2025-19847)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-19847 advisory. 1.16.5-10.0.5.16 - krb5: disable Kerberos localauth an2ln plugin for AD/IPA Orabug: 38621159 Tenable has extracted the preceding description block directly fro...
Better Auth Passkey Plugin allows passkey deletion through IDOR
Summary: Affected versions of the better-auth passkey plugin allow users with any valid session to delete arbitrary passkeys via their ID using POST /passkey/delete-passkey. Details: ctx.body.id is implicitly trusted and used in passkey deletion queries. better-auth applications configured with...
Malicious code in comet-auth-html-webpack-plugin-request (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f5b037c3a10e0eb5d63054a411dd6a2daeb791121c669593b5602687a52454b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143130 Malicious code in halley-auth-vega-eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9e198bf855eb0b039d2d08b024a85c30d227cbd2fc6698801a6f92c2a987080 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
WordPress plugin Keyy Two Factor Authentication authorization issue vulnerability
WordPress Keyy Two Factor Authentication plugin is a plugin for enhancing the login security of your website. A privilege escalation vulnerability exists in the WordPress Keyy Two Factor Authentication plugin, which can be exploited by an attacker to cause an elevation of privilege, due to a...
CVE-2025-11561
CVE-2025-11561 affects the System Security Services Daemon (SSSD) on Linux in default AD integration configurations. A fallback path from the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) to the an2ln plugin can be taken if AD attributes (e.g., userPrincipalName or samAccountN...
EUVD-2025-33347
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify certain AD...
PT-2025-41381
Name of the Vulnerable Software and Affected Versions: System Security Services Daemon (SSSD) (affected versions not specified). Description: A security issue exists in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. By default, SSSD does not enable the...
Malicious code in eslint-plugin-custom-msal-w (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e152a7488bd0f7129231f38c46e92a0a1163247faac591a269193b2b08231736 Any computer that has this package installed or running should be considered...
EUVD-2019-9294
Malware in sbrugna...
EUVD-2021-0831
Malware in sbrugna...
EUVD-2020-26937
Malware in sbrugna...
EUVD-2022-47994
Malicious code in bioql PyPI...
EUVD-2023-2218
Malicious code in bioql PyPI...
EUVD-2022-1111
Malicious code in bioql PyPI...
EUVD-2022-1447
Malicious code in bioql PyPI...
EUVD-2022-3531
Malicious code in bioql PyPI...