Lucene search
K

20 matches found

NVD
NVD
added 2026/06/18 5:16 p.m.8 views

CVE-2026-54104

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS0.004EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 5:16 p.m.12 views

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS0.00289EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:13 p.m.6 views

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.4AI score0.00289EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/18 4:13 p.m.29 views

CVE-2026-54106 U.S. GAO EPDS and CBCA EDS network access control bypass

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS0.00289EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:13 p.m.25 views

CVE-2026-54105

The CVE concerns CVE-2026-54105 affecting the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...

6.9CVSS5.3AI score0.003EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 4:12 p.m.9 views

EUVD-2026-37911

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS5.2AI score0.004EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 4:12 p.m.21 views

CVE-2026-54104 U.S. GAO EPDS and CBCA EDS client-based privilege escalation

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS0.004EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:12 p.m.6 views

CVE-2026-54103

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS5.5AI score0.00427EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/18 4:12 p.m.14 views

EUVD-2026-37910

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS5.4AI score0.00427EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 4:12 p.m.39 views

CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS0.00427EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:12 p.m.27 views

CVE-2026-54103

CVE-2026-54103 affects GAO EPDS and CBCA EDS, where the /update-profile/N endpoint does not require authentication for password changes. The vulnerability allows a remote attacker to change an arbitrary user’s password without credentials. This result is supported by the CVSS data indicating high...

9.8CVSS5.4AI score0.00427EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50706

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

5.1CVSS5.8AI score0.00289EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2021/03/05 8:45 p.m.195 views

U.S. Weapons Programs Lack 'Key' Cybersecurity Measures

Weapons programs from the U.S. Department of Defense DoD are falling short when it comes to incorporating cybersecurity requirements, according to a new watchdog report. While the DoD has developed a range of policies aimed at hardening the security for its weapon systems, the guidance leaves out...

7.4AI score
Exploits0References8
ThreatPost
ThreatPost
added 2018/10/25 3:27 p.m.544 views

Pentagon Expands Bug-Bounty Program to Include Physical Systems

The Department of Defense is expanding its “Hack the Pentagon” bug-bounty program to include hardware assets, tapping the Synack, HackerOne and Bugcrowd platforms to attract more white hats to the effort. The news comes two weeks after the Government Accountability Office GAO released a report...

7.5AI score
Exploits0References5
Schneier on Security
Schneier on Security
added 2018/10/10 11:21 a.m.32 views

Security Vulnerabilities in US Weapons Systems

The US Government Accounting Office just published a new report: "Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities" summary here. The upshot won't be a surprise to any of my regular readers: they're vulnerable. From the summary: Automation and connectivi...

0.7AI score
Exploits0
ThreatPost
ThreatPost
added 2012/09/19 7:45 p.m.10 views

Massachusetts Hospital Agrees to Pay $1.5m After Stolen Laptop HIPAA Violation

Massachusetts Eye and Ear Infirmary, a Boston-based hospital, agreed to pay $1.5 million to the U.S. Department of Health and Human Services HSS earlier this week, settling a HIPAA violation stemming from a 2010 incident. The agreement acknowledges that the hospital failed to comply with...

6.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2012/07/03 6:41 p.m.18 views

GAO Calls out the FDIC

It’s not always malicious hackers and purported state actors that expose weaknesses in government systems. Sometime it’s other government agencies as well. This was the case when federal watchdog, the Government Accountability Office, audited and subsequently called out the Federal Deposit...

2.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2011/08/19 3:44 p.m.9 views

Insulin Pump Hack Garners Federal Attention

The hack of a commercially available insulin pump earlier this month at the DEFCON hacker conference has attracted the attention of members of the House Energy & Commerce Committee, which is now calling for a formal review of wireless medical devices like the pump. Senior Committee members Anna G...

3.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2011/07/25 9:19 p.m.22 views

GAO: The DoD's Plan To Unify Cyber Defenses Looks Like Swiss Cheese

A new report out from the Government Accountability Office GAO warns that the U.S. Department of Defense’s efforts to unify its cyber security operations has serious gaps and that the Department is “unprepared to meet the current threat” of cyber attack. The report, issued on Monday, is an...

7.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2009/11/18 9:25 p.m.8 views

GAO Names Areas of Threat to U.S.

It’s not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case as the Government Accountability Office took yet another critical look at the US federal security systems and found...

1.1AI score
Exploits0References2
Rows per page
Query Builder