Lucene search
K

186 matches found

Debian CVE
Debian CVE
added 2026/03/16 5:37 p.m.18 views

CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS5.3AI score0.00142EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/01/21 4:13 p.m.9 views

cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23967 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

7.5CVSS5.8AI score0.0019EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/21 4:13 p.m.8 views

cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23966 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

9.1CVSS5.8AI score0.00209EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.9 views

CVE-2022-31145

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...

6.5CVSS6.5AI score0.00959EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.4 views

CVE-2025-40800

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, NX V2412 All versions V2412.8700, NX V2506 All versions V2506.6000, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Solid Edge SE2025 All versions V225.0 Updat...

9.1CVSS7.2AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.4 views

CVE-2025-40801

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...

9.2CVSS7.2AI score0.00239EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2025/12/23 12:0 a.m.10 views

This Week in Spring – December 23rd, 2025

Happy holidays, everyone! The year may be winding down, but the Spring ecosystem continues unabated. We’re now a few weeks past the generational Spring Boot 4.0 release in November, and there have been tons of releases and patches since then. There’s also equal excitement reflected in posts from...

6.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/12/16 12:0 a.m.8 views

This Week in Spring – December 16th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it’s been! We’ve got around nine shopping days ’til Christmas, and the New Year is almost here! Things are moving so quickly and the Spring community is no exception! Let's dive into this week's wonderful...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/12/09 6:30 p.m.3 views

EUVD-2025-201929

A vulnerability has been identified in COMOS V10.6 All versions, COMOS V10.6 All versions, NX V2412 All versions V2412.8700, NX V2506 All versions V2506.6000, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Solid Edge SE2025 All versions V225.0 Update 10, Solid Edge...

9.1CVSS6.2AI score0.00188EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-201928

A vulnerability has been identified in COMOS V10.6 All versions, COMOS V10.6 All versions, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled as NX X, Simcente...

9.2CVSS6.2AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 4:17 p.m.8 views

CVE-2025-40801

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...

9.2CVSS0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 10:44 a.m.33 views

CVE-2025-40801

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...

9.2CVSS0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 10:44 a.m.6 views

CVE-2025-40801

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...

9.2CVSS7.2AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 10:44 a.m.23 views

CVE-2025-40800

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, NX V2412 All versions V2412.8700, NX V2506 All versions V2506.6000, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Solid Edge SE2025 All versions V225.0 Updat...

9.1CVSS0.00188EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 10:44 a.m.13 views

CVE-2025-40800

CVE-2025-40800 affects Siemens products including COMOS, NX, Simcenter 3D/Femap, and Solid Edge. The IAM client in these products fails to validate server certificates when establishing TLS connections to the authorization server, enabling potential man-in-the-middle attacks. Affected versions in...

9.1CVSS7.2AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 10:44 a.m.2 views

CVE-2025-40800

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, NX V2412 All versions V2412.8700, NX V2506 All versions V2506.6000, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Solid Edge SE2025 All versions V225.0 Updat...

9.1CVSS7.2AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2025/10/29 4:44 p.m.5 views

DRUPAL-CONTRIB-2025-114

This module introduces an OAuth 2.0 authorization server, which can be configured to protect your Drupal instance with access tokens, or allow clients to request new access tokens and refresh them. The module doesn't sufficiently respect granted scopes, it affects all access checks that are based...

7.5CVSS6.8AI score0.00343EPSS
Exploits0References1
OSV
OSV
added 2025/10/29 3:38 p.m.54 views

GHSA-C2JP-C369-7PVX FastMCP Auth Integration Allows for Confused Deputy Account Takeover

Summary FastMCP documentation covers the scenario where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration DCR, the FastMCP-hosted MCP server is acting as the authorization provider, as declared in t...

7.3CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/29 3:38 p.m.14 views

FastMCP Auth Integration Allows for Confused Deputy Account Takeover

Summary FastMCP documentation covers the scenario where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration DCR, the FastMCP-hosted MCP server is acting as the authorization provider, as declared in t...

5.8AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-5898

Malware in sbrugna...

6.1CVSS6.3AI score0.00793EPSS
Exploits0References2
Rows per page
Query Builder