Lucene search
K

1376 matches found

Nuclei
Nuclei
added 2 days ago13 views

OneDev < 4.0.3 - User Access Token Leak

OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/id, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. id: CVE-2021-21246...

8.6CVSS7.2AI score0.49051EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 3 days ago6 views

Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Summary coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Note: Practical exploitation requir...

7.7CVSS6.1AI score0.00399EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41440

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.3AI score0.00367EPSS
Exploits0References5
OSV
OSV
added last week4 views

DEBIAN-CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.5AI score0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added last week26 views

CVE-2026-50721 IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS0.00367EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.3AI score0.00367EPSS
Exploits0References5
Debian CVE
Debian CVE
added last week5 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.5AI score0.00367EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/01 6:46 a.m.35 views

CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 6:46 a.m.16 views

CVE-2026-56016

CVE-2026-56016 (CGI::Session::ID::md5) affects Perl CGI::Session versions before 4.49. The vulnerable code path uses generate_id to build a session id from a MD5 digest of the process ID, epoch time, and rand(), all low-entropy/predictable sources. This enables an attacker to predict session IDs ...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 6:46 a.m.7 views

EUVD-2026-40927

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 8:11 p.m.33 views

CVE-2025-36359 IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...

8.1CVSS0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 4:48 p.m.10 views

CVE-2026-57915

A flaw was found in Apache Kerby. An attacker can bypass the Kerberos pre-authentication check by sending a Pre-Authentication Data PA-DATA packet with an unrecognized or unsupported type. This vulnerability allows an attacker to circumvent the initial authentication step, potentially leading to...

7.3CVSS5.6AI score0.00321EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39597

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 11:27 p.m.41 views

CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 8:57 p.m.5 views

CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 4:14 p.m.4 views

EUVD-2026-38504

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing...

5.4CVSS5.9AI score0.00338EPSS
Exploits2References1
CVE
CVE
added 2026/06/23 4:14 p.m.19 views

CVE-2026-44961

The CVE-2026-44961 entry affects Revive Adserver’s XML‑RPC addUser API. The flaw is a validation bypass introduced in the fix for CVE-2025‑55129, enabling username-based impersonation or stored XSS unless proper validation is present. The available documents confirm that correct validation has no...

5.8AI score0.00338EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.5 views

CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT default 10 hours and decrypt or forge any subsequent WS‑SecureConversation traffic that uses...

7.4CVSS5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. Preconditions Relying-party service is hosted with WSFederationHttpBinding or...

10CVSS5.9AI score
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user with respect to the original host that issued the redirect...

6.8CVSS6.9AI score0.00478EPSS
Exploits0References2
Rows per page
Query Builder