Lucene search
K

277 matches found

CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the logic that manages credit issuance. This condition may lead to the granting of...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:33 p.m.3 views

CVE-2026-41213

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

5.9CVSS5.8AI score0.00259EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 1:23 p.m.3 views

CVE-2026-5749 Inadequate access control vulnerability in Fullstep

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

8.7CVSS5.8AI score0.0027EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 3:30 p.m.5 views

Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path

Summary The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details The OIDC callback...

9.1CVSS5.9AI score0.00281EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/04/09 8:28 p.m.3 views

EUVD-2026-20996

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquirecertificate direct and issuance paths...

8.1CVSS5.9AI score0.00135EPSS
Exploits1References6
OSV
OSV
added 2026/04/09 8:28 p.m.1 views

GHSA-HC36-C89J-5F4J bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

Unverified certifier signatures persisted by acquirecertificate Affected packages Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/walletinterface/walletclient.rb, which is physically shipped inside both gems the...

8.1CVSS5.9AI score0.00135EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2026/04/09 8:28 p.m.6 views

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

Unverified certifier signatures persisted by acquirecertificate Affected packages Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/walletinterface/walletclient.rb, which is physically shipped inside both gems the...

8.1CVSS6.1AI score0.00135EPSS
Exploits1References9Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/09 5:26 p.m.4 views

CVE-2026-40070 bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClientacquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all...

8.1CVSS5.8AI score0.00135EPSS
Exploits1References5
CVE
CVE
added 2026/04/09 5:26 p.m.12 views

CVE-2026-40070

The CVE-2026-40070 entry affects the BSV Ruby SDK (0.3.1–before 0.8.2). The vulnerability is in BSV::Wallet::WalletClient#acquire_certificate, which persists certificate records to storage without verifying the certifier’s signature in both acquisition_protocol paths: direct (caller-supplied fiel...

8.1CVSS5.9AI score0.00135EPSS
Exploits1References5Affected Software2
Cvelist
Cvelist
added 2026/04/09 5:26 p.m.22 views

CVE-2026-40070 bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClientacquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all...

8.1CVSS0.00135EPSS
Exploits1References5
RubySec
RubySec
added 2026/04/09 12:0 a.m.8 views

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

Unverified certifier signatures persisted by acquirecertificate Affected packages Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/walletinterface/walletclient.rb, which is physically shipped inside both gems the...

8.1CVSS6.1AI score0.00135EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/04/09 12:0 a.m.8 views

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

Unverified certifier signatures persisted by acquirecertificate Affected packages Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/walletinterface/walletclient.rb, which is physically shipped inside both gems the...

8.1CVSS6AI score0.00135EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31672

Name of the Vulnerable Software and Affected Versions BSV Ruby SDK versions 0.3.1 through 0.8.1 BSV Ruby Wallet versions 0.1.2 through 0.3.3 Description The BSV Ruby SDK and Wallet contain a flaw in the acquire certificate function, which does not verify the certifier's signature over the...

8.1CVSS5.9AI score0.00135EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/04/02 6:29 p.m.19 views

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS0.00211EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/30 4:41 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the certificate issuance/auto-certification flows in api/certificate/issue.go and api/sites/autocert.go, and JSON field encryption migration in the internal/migrate. An attacker c...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/30 4:41 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the certificate issuance/auto-certification flows in api/certificate/issue.go and api/sites/autocert.go, and JSON field encryption migration in the internal/migrate. An attacker c...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/30 4:41 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the certificate issuance/auto-certification flows in api/certificate/issue.go and api/sites/autocert.go, and JSON field encryption migration in the internal/migrate. An attacker c...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/27 2:10 p.m.3 views

CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

9.6CVSS5.9AI score0.00411EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 2:10 p.m.3 views

CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

9.6CVSS6.4AI score0.00411EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 1:30 p.m.7 views

CVE-2026-4340

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
Rows per page
Query Builder