Lucene search
K

161570 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 4:1 a.m.11 views

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.14 views

SUSE CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/28 3:53 a.m.9 views

Authentication Bypass by Primary Weakness

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the Client-Initiated Backchannel Authentication CIBA flow. An...

4.3CVSS5.9AI score0.00206EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 3:16 a.m.7 views

Incorrect Privilege Assignment

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via improper enforcement of scope mapping in the Fine-Grained Admin Permission...

7.3CVSS6AI score0.00292EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 3:12 a.m.11 views

CVE-2026-9791

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS5.7AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44707

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.27 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS0.00303EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-44419

Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.362.1 Description An authentication bypass exists that allows attackers to impersonate users, bypass multifactor authentication, and gain persistent unauthorized access. The issue occurs because the...

5.8AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44467

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, get shared secret in crates/ecstore/src/rpc/http auth.rs, falls back...

9.8CVSS5.7AI score0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44383

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the default empty value of api.apiClientToken in API v4.0, which allowed unverified users to create...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Drupal TFA Basic Plugins 安全漏洞

Drupal TFA Basic Plugins is a set of Drupal two-factor authentication extensions developed by the Drupal company. Versions 7.x-1.0 to 7.x-1.2 of Drupal TFA Basic Plugins contain security vulnerabilities. These vulnerabilities stem from access bypass issues, which could allow users with...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from the SAML callback handler in controllers/auth.go, which accepted SA...

5.8AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the internal RPC layer reverting to the public default key when no shared key was configured, which could lead to...

9.8CVSS5.8AI score0.00268EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises when user accounts are temporarily locked due to failed login attempts. Attackers with valid client credentials can exploit the revers...

4.3CVSS5.8AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44193

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the Client-Initiated Backchannel Authentication CIBA flow allows an attacker with valid client credentials to bypass brute-force protection. When a user account is temporarily lock...

4.3CVSS5.8AI score0.00206EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44733

Name of the Vulnerable Software and Affected Versions FUXA version 1.3.0-2773 Description When secureEnabled is set to true, the software fails to properly restrict access to protected read endpoints. Requests made without a token or with an invalid token are treated as guest contexts rather than...

6.9CVSS5.8AI score0.00089EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44379

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from logical flaws in the social login binding process, allowing users to...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

MENNEKES AMTRON 安全漏洞

MENNEKES AMTRON is a series of electric vehicle AC charging stations and wall-mounted charging systems from MENNEKES Corporation. Versions of MENNEKES AMTRON 5.22.3 and earlier contain security vulnerabilities. These vulnerabilities stem from authentication bypasses, which may allow unauthenticat...

10CVSS5.8AI score0.00612EPSS
Exploits1References1
Rows per page
Query Builder