Lucene search
K

485 matches found

EUVD
EUVD
added 2026/06/15 7:28 p.m.12 views

EUVD-2026-32917

PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed...

7.4CVSS5.1AI score0.00394EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/12 8:55 a.m.36 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

0.00418EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:55 a.m.26 views

CVE-2026-50627

The CVE-2026-50627 issue affects Apache CXF’s JwtAccessTokenValidator, which fails to validate the aud (Audience) claim in incoming JWT access tokens. As described in multiple sources (NVD/Red Hat/CVE List/etc.), a token issued for one Resource Server could be replayed against a different Resourc...

9.1CVSS5.2AI score0.00418EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

RockyLinux 9 : openssl (RLSA-2026:25239)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25239 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...

9.1CVSS6.2AI score0.02719EPSS
Exploits0References31
AlmaLinux
AlmaLinux
added 2026/06/11 12:0 a.m.8 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...

9.1CVSS5.8AI score0.02719EPSS
Exploits0References32
OSV
OSV
added 2026/06/09 12:0 a.m.4 views

UBUNTU-CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

5.3CVSS5.6AI score0.00262EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 1:16 p.m.12 views

CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS0.00187EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 1:16 p.m.6 views

UBUNTU-CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 12:6 p.m.10 views

EUVD-2026-35051

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 12:6 p.m.9 views

CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/08 12:6 p.m.49 views

CVE-2026-7765 User Messages widget leaked issuer messages on shared dashboards

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 12:6 p.m.24 views

CVE-2026-7765

Checkmk

6.3CVSS5.4AI score0.00187EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 12:6 p.m.9 views

CVE-2026-7765 User Messages widget leaked issuer messages on shared dashboards

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47285

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 3:48 p.m.8 views

OESA-2026-2561 glib-networking security update

glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies. Security Fixes: A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafte...

4.3CVSS5.5AI score0.00184EPSS
Exploits0References2
Wolfi
Wolfi
added 2026/06/02 1:48 a.m.19 views

CVE-2026-25681 vulnerabilities

Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...

6.1CVSS5.9AI score0.00178EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/02 1:48 a.m.14 views

CVE-2026-25680 vulnerabilities

Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...

6.5CVSS5.9AI score0.00248EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/02 1:48 a.m.18 views

CVE-2026-27136 vulnerabilities

Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...

6.1CVSS5.9AI score0.00178EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/02 1:48 a.m.16 views

GHSA-M9X8-M34X-FJ9Q vulnerabilities

Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/02 1:48 a.m.19 views

GHSA-CG87-VWWH-XVGJ vulnerabilities

Vulnerabilities for packages: hydra, snyk-cli, flux, ingress-nginx-controller, traefik, prometheus-operator, kine, crossplane-provider-azure-authorization, fq, kots, minio, vale, hubble, gitea, crossplane-provider-azure-storage, cilium, telegraf, argo-cd, vitess, gptscript, kubernetes-dashboard,...

5.9AI score
Exploits0
Rows per page
Query Builder