Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.15 views

CVE-2026-44668

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 6:16 p.m.18 views

CVE-2026-44668

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS0.00364EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:43 p.m.8 views

CVE-2026-44668

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 5:43 p.m.11 views

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 5:43 p.m.31 views

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS0.00364EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 5:43 p.m.32 views

CVE-2026-44668

CVE-2026-44668 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Prior to version 1.8.3, the authentication gate for all Struts2 actions is implemented by AccessControlInterceptor and unconditionally calls invocation.invoke() without validating a session. Four methods i...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-43346

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References4
Rows per page
Query Builder