Lucene search
K

161615 matches found

OSV
OSV
added 2026/05/28 10:16 a.m.12 views

UBUNTU-CVE-2026-46119

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a potentially corrupted message of type CEPHMSGAUTHREPLY contains a positive value in its result field, it is treated as an error code by cephhandleauthreply an...

9.1CVSS5.9AI score0.00525EPSS
Exploits0References8
OSV
OSV
added 2026/05/28 10:16 a.m.5 views

UBUNTU-CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/05/28 9:57 a.m.103 views

Exploit for CVE-2026-48710

BadHost — CVE-2026-48710 Scanner Detection-only scanner for t...

6.5CVSS6AI score0.01438EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/05/28 9:52 a.m.71 views

Exploit for CVE-2025-47227

cve202547227...

7.5CVSS7.5AI score0.01955EPSS
Exploits5
CVE
CVE
added 2026/05/28 9:36 a.m.29 views

CVE-2026-46193

CVE-2026-46193 concerns a Linux kernel xfrm AH (AH) implementation issue where ESN high bits are not accounted for in async callback paths, causing miscalculation of ICV/auth offsets on IPv4/IPv6 when ESN is enabled and async hmac is used. The vulnerability arises from reconstructing the temporar...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.27 views

CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

0.00128EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/05/28 8:57 a.m.9 views

WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by 0xzenko in WordPress Plugin CloudSecure WP Security versions = 1.4.7...

8.1CVSS5.8AI score0.00405EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/28 7:55 a.m.7 views

WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...

6.5CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
NCSC
NCSC
added 2026/05/28 6:49 a.m.22 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, specifically in versions 12.7 through 18.10.7, 18.11 through 18.11.4, and 19.0 through 19.0.1. These vulnerabilities relate to various aspects of authentication, authorization, and validation...

8.2CVSS5.7AI score0.00471EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 6:45 a.m.12 views

EUVD-2026-32735

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References11
NVD
NVD
added 2026/05/28 5:16 a.m.15 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS0.00292EPSS
Exploits0References7
NVD
NVD
added 2026/05/28 5:16 a.m.17 views

CVE-2026-9791

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS0.00214EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/28 4:42 a.m.12 views

CVE-2026-9801 Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/28 4:37 a.m.32 views

CVE-2026-9798 Keycloak: keycloak: brute-force protection bypass in ciba flow

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS0.00206EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 4:37 a.m.14 views

CVE-2026-9798 Keycloak: keycloak: brute-force protection bypass in ciba flow

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS5.7AI score0.00206EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 4:37 a.m.11 views

CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS5.7AI score0.00206EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 4:37 a.m.37 views

CVE-2026-9798

Keycloak is affected by a flaw where, after a user account is temporarily locked due to repeated failed logins, an attacker with valid client credentials can abuse the Client-Initiated Backchannel Authentication (CIBA) flow to bypass the lock. This allows continued authentication attempts and tok...

4.3CVSS5.7AI score0.00206EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 4:1 a.m.10 views

EUVD-2026-32711

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 4:1 a.m.11 views

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.14 views

SUSE CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
Rows per page
Query Builder