Lucene search
+L

456 matches found

Cvelist
Cvelist
added 2 days ago39 views

CVE-2026-9810 AI Chatbot & Workflow Automation by AIWU < 1.5.4 - Unauthenticated Privilege Escalation via MCP OAuth

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago10 views

EUVD-2026-45150

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

9.8CVSS5.6AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-60554

Name of the Vulnerable Software and Affected Versions Cyrus IMAP versions prior to 3.12.3 Description An issue exists where tokens issued via the GENURLAUTH command can bypass Access Control Lists ACLs. An authenticated user can generate a URLAUTH token for any specified mailbox, regardless of...

3.5CVSS5.3AI score0.00169EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44689

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS6.1AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57986

Name of the Vulnerable Software and Affected Versions Eclipse Vert.x versions prior to 4.5.30 Eclipse Vert.x versions prior to 5.1.5 Description The DefaultRedirectHandler in the vertx-core module propagates all request headers during cross-origin HTTP 30x redirects without performing origin...

8.2CVSS6.1AI score0.00141EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago11 views

EUVD-2026-43305

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

6.5CVSS6.1AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-9571 Deactivated user accounts can continue to obtain valid OAuth access tokens via refresh token grant in Mattermost

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 9:16 a.m.6 views

CVE-2026-6440

The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the resetcredential function, which handles the...

4.3CVSS0.00168EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 9:16 p.m.12 views

CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 9:16 p.m.11 views

CVE-2026-45689

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with...

9.1CVSS0.00308EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:4 p.m.10 views

CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS5.9AI score0.00215EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 9:4 p.m.5 views

CVE-2026-49277 Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS6AI score0.00215EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 9:17 p.m.19 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS0.00153EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 8:8 p.m.26 views

CVE-2026-53926

NocoDB vulnerability CVE-2026-53926: prior to 2026.05.1, revokeAllOAuthTokensByUser was an empty stub used by passwordChange, passwordForgot, and passwordReset, so OAuth access and refresh tokens were not revoked after a password change/reset, allowing an attacker-issued token to remain valid. Th...

6.3CVSS5.9AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 8:8 p.m.6 views

CVE-2026-53926 NocoDB: OAuth Tokens Persist Through Security Events

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users service is an empty stub being called from passwordChange, passwordForgot, and passwordReset. OAuth access and refresh tokens were not revoked when the user changed, reset, or...

6.3CVSS6AI score0.00295EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:53 p.m.6 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score0.00153EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.37 views

CVE-2026-9073 Foreman-mcp-server: mcp server: insecure sensitive http header sanitization

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS0.00153EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.10 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.7AI score0.00153EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 7:40 p.m.83 views

CVE-2026-11807

CVE-2026-11807 affects Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint fails to verify permissions when processing Worker messages, permitting any authenticated user to forge a message with an arbitrary activation_id and access plaintext credentials tied to tha...

9.6CVSS5.9AI score0.00379EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51592

Name of the Vulnerable Software and Affected Versions foreman-mcp-server affected versions not specified Description Two distinct logging mechanisms in the software can expose sensitive session and authentication data. One mechanism logs session identifiers, which function as authentication...

6.2CVSS5.8AI score0.00153EPSS
Exploits0References8
Rows per page
Query Builder