Lucene search
K

374 matches found

NVD
NVD
added yesterday7 views

CVE-2026-42505

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS
Exploits0References4
CVE
CVE
added yesterday12 views

CVE-2026-42505

CVE-2026-42505 describes a privacy leakage in handshakes using Encrypted Client Hello (ECH) , where a passive observer can de-anonymize connections due to disclosure of pre-shared key (PSK) identities in the unencrypted ClientHello. The vulnerability is documented across multiple sources (NVD, EU...

5.3CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-42317

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS5.9AI score
Exploits0References4
CVE
CVE
added last week12 views

CVE-2026-55952

Summary: The Erlang/OTP ssl module is vulnerable to a TLS 1.3 denial of service due to a mismatch between PSK identity list and binder list lengths in the ClientHello extension. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with unequal identities/binders is passed ...

8.2CVSS5.9AI score0.00487EPSS
Exploits0References7Affected Software2
OSV
OSV
added last week4 views

PYSEC-2026-739 Moderate severity vulnerability that affects Products.PlonePAS

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors...

6CVSS6.1AI score0.00962EPSS
Exploits0References9
Fedora
Fedora
added 2026/07/02 1:11 a.m.7 views

[SECURITY] Fedora 43 Update: opkssh-0.14.0-3.fc43

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like aliceaexample.com ins tead of long-lived SSH keys...

9.1CVSS5.8AI score0.00513EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/01 2:34 p.m.29 views

CVE-2026-58024 API identification of users on private wikis

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.1CVSS0.00382EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 9:6 p.m.35 views

CVE-2026-58448 yudao-cloud < 2026.06 - BPM Module Broken Access Control via process-instance API

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation...

7.1CVSS0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 9:6 p.m.12 views

CVE-2026-58448

CVE-2026-58448 affects yudao-cloud (BPM module) prior to 2026.06. A broken access control flaw allows any authenticated user to read arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected GET endpoint that lacks the @PreAuthorize annotati...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 5:16 p.m.9 views

CVE-2026-58165

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS0.00244EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53997

Name of the Vulnerable Software and Affected Versions yudao-cloud versions prior to 2026.06 Description A broken access control issue exists in the BPM module. An authenticated user can access arbitrary process instance records by providing a caller-controlled process-instance identifier to an...

7.1CVSS6AI score0.00235EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-528 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.3AI score0.00281EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/06/26 11:30 a.m.13 views

Guardian Agents: The Next Layer of Identity Governance

AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises a...

6.2AI score
Exploits0
NVD
NVD
added 2026/06/25 10:17 p.m.9 views

CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS0.00181EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 4:16 p.m.12 views

CVE-2026-8646

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...

9.1CVSS0.00338EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:46 p.m.2 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00182EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51306

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where SSH connections to Windows worker nodes are established without verifying the remote server host...

8.3CVSS6AI score0.00182EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:9 p.m.6 views

CVE-2026-44046

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS5.8AI score0.00314EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/18 9:12 p.m.2 views

SUSE-SU-2026:22168-1 Security update for strongswan

This update for strongswan fixes the following issue - CVE-2026-47895: Double-Free When Destroying Certain Cloned Identities bsc1266360...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/18 9:8 p.m.2 views

OPENSUSE-SU-2026:21092-1 Security update for strongswan

This update for strongswan fixes the following issue - CVE-2026-47895: Double-Free When Destroying Certain Cloned Identities bsc1266360...

5.8AI score
Exploits0References2
Rows per page
Query Builder