Lucene search
K

384 matches found

Github Security Blog
Github Security Blog
added 2026/05/05 9:11 p.m.14 views

Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Summary Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletio...

6.1CVSS5.7AI score0.00313EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/05/05 9:11 p.m.4 views

GHSA-QX5F-GHC2-7G5C Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Summary Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletio...

6.1CVSS5.7AI score0.00313EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37261

Name of the Vulnerable Software and Affected Versions Fides versions 2.75.0 through 2.83.1 Description Deployments that enable both subject identity verification and duplicate privacy request detection are susceptible to an issue where an administrator can approve a privacy request without the...

6.1CVSS5.7AI score0.00313EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/22 9:31 p.m.5 views

EUVD-2026-22824

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.9AI score0.00335EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.5 views

PT-2026-32999

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.9AI score0.00335EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.12 views

WordPress plugin Age Verification & Identity Verification by Token of Trust 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS6AI score0.00335EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/03/31 6:28 p.m.6 views

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesi...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

Synopsys Coverity Connect 安全漏洞

Synopsys Coverity Connect is a web-based platform provided by Synopsys, Inc. It primarily consists of static code analysis tools and dynamic code analysis tools. Synopsys Coverity Connect has security vulnerabilities; one of these vulnerabilities stems from the identity verification logic in the...

9.3CVSS5.9AI score0.00478EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

IGL-Technologies eParking.fi 安全漏洞

IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has a security vulnerability, as the identity verification identifier of the charging statio...

6.9CVSS5.8AI score0.00292EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 10:6 p.m.14 views

EUVD-2026-13253

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

5.4CVSS5.8AI score0.00268EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.6.0-alpha.13 and 8.6.39. These vulnerabilities stemmed from the OAuth2 authentication...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Parse Server 授权问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.9 and 8.6.22 contain authorization vulnerabilities. This vulnerability stems from the OAuth2 authentication adapter not...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.7 views

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.28 had code vulnerabilities. These vulnerabilities stemmed from defects in the OpenId functionality, which could lead to forged server requests without proper verification...

5.3CVSS5.9AI score0.00323EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

EV Energy 安全漏洞

EV Energy is an electric vehicle charging software platform operated by the British company EV Energy. There is a security vulnerability within EV Energy, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...

6.9CVSS5.8AI score0.00279EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

SWITCH EV 安全漏洞

SWITCH EV is a electric vehicle charging facility management platform developed by the US company SWITCH. There is a security vulnerability in SWITCH EV, which stems from the fact that the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

Chargemap 安全漏洞

Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.12 views

Mobility46 安全漏洞

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is a security vulnerability in Mobility46, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...

6.9CVSS5.8AI score0.00278EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2026/02/20 2:8 p.m.20 views

Age verification vendor Persona left frontend exposed, researchers say

Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short whil...

5.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/19 4:24 p.m.3 views

MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

A buffer overflow vulnerability was discovered in the MUNGE authentication daemon munged. In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked...

7.8CVSS6AI score0.00302EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/19 4:22 p.m.8 views

MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

A buffer overflow vulnerability was discovered in the MUNGE authentication daemon munged. In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked...

7.8CVSS6AI score0.00302EPSS
Exploits0References7
Rows per page
Query Builder