Lucene search
K

59 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-58454

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS0.00523EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-58454

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS6.6AI score0.00523EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.8AI score0.00305EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.9 views

keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.4AI score0.00305EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

TYPO3 CMS 代码问题漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Code vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed from...

6.3CVSS6.4AI score0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 6:16 a.m.16 views

CVE-2026-9802

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS0.00305EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:47 a.m.9 views

CVE-2026-9802

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.7AI score0.00305EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/28 4:47 a.m.12 views

CVE-2026-9802 Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.7AI score0.00305EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/28 4:47 a.m.44 views

CVE-2026-9802 Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS0.00305EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/28 4:47 a.m.11 views

EUVD-2026-32720

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.7AI score0.00305EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 4:47 a.m.34 views

CVE-2026-9802

Keycloak contains a vulnerability where, with revokeRefreshToken=true and persistent session storage, a server restart can reset internal timing mechanisms, enabling a remote attacker who has captured a user’s refresh token to replay it after revocation. This can grant unauthorized access to the ...

6.8CVSS5.7AI score0.00305EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/28 4:47 a.m.13 views

CVE-2026-9802

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.6AI score0.00305EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/28 4:10 a.m.6 views

Insufficient Session Expiration

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the startupTime reset during server restart when revokeRefreshToken=tr...

7.6CVSS5.4AI score0.00305EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 5:42 p.m.19 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. A stored XSS flaw exists prior to version 1.8.3 where user-supplied attachment filename values are persisted and rendered into HTML and attribute contexts without output encoding in remediation verification/file preview flows....

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 12:30 p.m.4 views

CVE-2026-5790

Stored Cross-Site Scripting XSS in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...

5.1CVSS5.8AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 3:2 p.m.7 views

GO-2025-4076 Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation...

8.3CVSS7AI score0.00105EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/28 5:49 p.m.2 views

EUVD-2025-36551

Contrast has insecure LUKS2 persistent storage partitions may be opened and used...

6.5AI score
Exploits0References4
OSV
OSV
added 2025/10/28 5:49 p.m.4 views

GHSA-F5P4-P5Q5-JV3H Contrast has insecure LUKS2 persistent storage partitions may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is a not authenticated and b supports null...

5.7CVSS6.6AI score
Exploits0References5
Cvelist
Cvelist
added 2025/10/27 7:33 p.m.8 views

CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions

Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...

8.3CVSS0.00105EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/27 4:20 p.m.9 views

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

8.3CVSS6.6AI score0.00105EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder