Lucene search
K

33 matches found

NVD
NVD
added 2026/05/29 11:16 a.m.16 views

CVE-2026-46579

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

7.5CVSS0.0023EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 4:1 a.m.12 views

Malicious code in @onerjs/addons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7d3b8a435a56ca78d7a2f4ca7077b8a96f968d29e32dd01580fdf01cee442f5 Package is published as @onerjs/addons but ships a verbatim copy of @babylonjs/addons source while declaring Babylon.js identity in its metadata:...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/23 4:1 a.m.8 views

MAL-2026-4410 Malicious code in @onerjs/addons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7d3b8a435a56ca78d7a2f4ca7077b8a96f968d29e32dd01580fdf01cee442f5 Package is published as @onerjs/addons but ships a verbatim copy of @babylonjs/addons source while declaring Babylon.js identity in its metadata:...

6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 5:25 p.m.13 views

CVE-2026-42300 DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS5.9AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 5:8 a.m.34 views

CVE-2026-22747 Unauthorized User Impersonation when Using X.509 Client Certificates

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

6.8CVSS0.00296EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Lean Crypto Library 安全漏洞

Lean Crypto Library is a lightweight quantum-resistant cryptographic algorithm library developed by smuellerDD as an individual project. Versions of Lean Crypto Library prior to 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from integer overflows that occurred when the...

5.9CVSS5.8AI score0.00162EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 9:16 p.m.4 views

UBUNTU-CVE-2026-33223

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...

6.4CVSS5.8AI score0.00211EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/19 4:47 p.m.5 views

MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

A buffer overflow vulnerability was discovered in the MUNGE authentication daemon munged. In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked...

7.8CVSS6AI score0.00302EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.9 views

CVE-2024-41178

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store objectstore crate, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...

7.5CVSS7AI score0.0071EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/06 3:34 a.m.3 views

Malicious Package

Overview ing-feat-auth-idin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.4 views

Grafana 安全漏洞

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana version 12.x. The vulnerability ste...

10CVSS6.9AI score0.17293EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-18457

Malware in sbrugna...

9.1CVSS9.1AI score0.00488EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-6275

Malicious code in bioql PyPI...

8.4CVSS6.3AI score0.00444EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.2 views

libsoup 安全漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup that stems from the client incorrectly sending an authorization header when handling HTTP redirects, which could lead to user identity impersonation...

6.8CVSS6.9AI score0.00478EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/04/13 11:38 a.m.14 views

CVE-2025-23389

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4CVSS6.5AI score0.00444EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.4 views

WordPress plugin Asgaros Forum 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS5.9AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/27 12:0 a.m.6 views

PT-2026-28482

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.42 Traefik versions prior to 3.6.12 Traefik versions prior to 3.7.0-ea.3 Description Traefik, an HTTP reverse proxy and load balancer, is susceptible to an identity impersonation issue. When the headerField...

9CVSS5.9AI score0.00469EPSS
Exploits1References54
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.6 views

Icinga Web 2 跨站脚本漏洞

Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...

7.6CVSS5.8AI score0.00561EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/02/28 2:20 a.m.3 views

SUSE CVE-2025-23389

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4CVSS6.7AI score0.00444EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/04 12:0 a.m.11 views

RHEL 6 : openstack-keystone (RHSA-2014:0994)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0994 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activitie...

6.5CVSS5.7AI score0.02308EPSS
Exploits2References6
Rows per page
Query Builder