Lucene search
K

161617 matches found

Snyk
Snyk
added 2026/05/28 3:53 a.m.9 views

Authentication Bypass by Primary Weakness

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the Client-Initiated Backchannel Authentication CIBA flow. An...

4.3CVSS5.9AI score0.00206EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 3:16 a.m.8 views

Incorrect Privilege Assignment

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via improper enforcement of scope mapping in the Fine-Grained Admin Permission...

7.3CVSS6AI score0.00292EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 3:12 a.m.11 views

CVE-2026-9791

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS5.7AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.27 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS0.00303EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-44419

Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.362.1 Description An authentication bypass exists that allows attackers to impersonate users, bypass multifactor authentication, and gain persistent unauthorized access. The issue occurs because the...

5.8AI score0.00201EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.10 views

Debian dla-4605 : python-flask-httpauth-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4605 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4605-1 [email protected] https://www.debian.org/lts/security/...

8.2CVSS5.8AI score0.00324EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44383

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the default empty value of api.apiClientToken in API v4.0, which allowed unverified users to create...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Drupal TFA Basic Plugins 安全漏洞

Drupal TFA Basic Plugins is a set of Drupal two-factor authentication extensions developed by the Drupal company. Versions 7.x-1.0 to 7.x-1.2 of Drupal TFA Basic Plugins contain security vulnerabilities. These vulnerabilities stem from access bypass issues, which could allow users with...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from the SAML callback handler in controllers/auth.go, which accepted SA...

5.8AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44427

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

5.8AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the internal RPC layer reverting to the public default key when no shared key was configured, which could lead to...

9.8CVSS5.8AI score0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44733

Name of the Vulnerable Software and Affected Versions FUXA version 1.3.0-2773 Description When secureEnabled is set to true, the software fails to properly restrict access to protected read endpoints. Requests made without a token or with an invalid token are treated as guest contexts rather than...

6.9CVSS5.8AI score0.00089EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44379

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from logical flaws in the social login binding process, allowing users to...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44420

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

5.9AI score0.00322EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the high ESN value in the xfrm AH is not properly considered during asynchronous...

5.8AI score0.00128EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the RBAC policy executor unconditionally merging the original JSON request...

8.8CVSS5.9AI score0.00329EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the application credential authentication plugin not verifying user identities...

8.8CVSS5.8AI score0.00303EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass in the password reset endpoint, allowing unverified attackers to reset the...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References2
Rows per page
Query Builder