Lucene search
K

7 matches found

EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42726

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6AI score
Exploits0References5
The Hacker News
The Hacker News
added 3 days ago13 views

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a...

6.1AI score
Exploits0
OSV
OSV
added 2026/04/16 11:36 p.m.8 views

BIT-AUTHENTIK-2024-38371 Insufficient access control for OAuth2 Device Code flow in authentik

authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...

9.8CVSS5.7AI score0.00585EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-37284

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00585EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 8:53 a.m.11 views

CVE-2024-38371

authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...

8.6CVSS7.1AI score0.00585EPSS
Exploits0
OSV
OSV
added 2024/06/28 5:58 p.m.6 views

CVE-2024-38371 Insufficient access control for OAuth2 Device Code flow in authentik

authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...

8.6CVSS7AI score0.00585EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/06/28 12:0 a.m.3 views

authentik Security Vulnerabilities

authentik is an open source identity provisioning application from authentik open source. A security vulnerability exists in authentik that stems from a failure to check access restrictions assigned to the application when using the OAuth2 device code flow...

9.8CVSS7AI score0.00585EPSS
Exploits0References6
Rows per page
Query Builder