6992 matches found

CVE
added 1 hour ago, 8 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2 CVSS, 6 AI score
Exploits 0, References 2

BDU FSTEC
added 4 hours ago, 8 views

Blitz Identity Provider (Authentication server)

...

5.8 AI score
Exploits 0

Nuclei
added 13 hours ago, 17 views

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

8.2 CVSS, 7.3 AI score, 0.06139 EPSS
Exploits 1, References 5

ATTACKERKB
added yesterday, 2 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7 CVSS, 5.9 AI score
Exploits 0, References 3

CVE
added yesterday, 7 views

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

7.7 CVSS, 5.9 AI score
Exploits 0, References 2

EUVD
added yesterday, 5 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7 CVSS, 5.9 AI score
Exploits 0, References 2

EUVD
added yesterday, 9 views

EUVD-2026-36315

OpenClaw: Embedded runner policy could be confused by provider aliases...

4.8 CVSS, 5.7 AI score, 0.00093 EPSS
Exploits 0, References 3

ATTACKERKB
added yesterday, 2 views

CVE-2026-8699

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7 CVSS, 6 AI score
Exploits 0, References 2

EUVD
added yesterday, 8 views

EUVD-2026-41407

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7 CVSS, 6 AI score
Exploits 0, References 1

EUVD
added 2 days ago, 5 views

EUVD-2026-40297

Rancher has over-inclusive team membership expansion in GitHub App authentication provider...

8.8 CVSS, 5.8 AI score, 0.0037 EPSS
Exploits 0, References 6

CVE
added 2 days ago, 8 views

CVE-2026-13603

CVE-2026-13603 affects the pretix-oppwa payment integration. The vulnerability arises from insecure handling of Oppwa’s API URL: the code concatenated resourcePath from the return URL to baseUrl without validation and without a trailing slash, enabling an attacker to redirect the API call to a di...

10 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits 0, References 1

NVD
added 2 days ago, 5 views

CVE-2026-11883

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request...

7.2 CVSS, 0.00365 EPSS
Exploits 0, References 1

CVE
added 2 days ago, 12 views

CVE-2026-11883

CVE-2026-11883 affects the WebAuthn Provider for Two Factor WordPress plugin (before 2.5.6). The vulnerability arises from incorrect validation of the second-factor authentication response, enabling an attacker who already knows a user’s password to bypass 2FA by submitting a malformed request. T...

7.2 CVSS, 5.8 AI score, 0.00365 EPSS
Exploits 0, References 1

NVD
added 3 days ago, 5 views

CVE-2026-56350

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

7.7 CVSS, 0.00276 EPSS
Exploits 0, References 2

Cvelist
added 3 days ago, 21 views

CVE-2026-14124

Inappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...

0.00082 EPSS
Exploits 0, References 2

CVE
added 3 days ago, 4 views

CVE-2026-14124

CVE-2026-14124 affects Google Chrome on Windows (before version 150.0.7871.47). The vulnerability is due to an inappropriate CredentialProvider implementation, enabling a local attacker to escalate privileges via a malicious file. The described impact is OS-level, with high confidentiality, integ...

7.8 CVSS, 5.8 AI score, 0.00082 EPSS
Exploits 0, References 2

NVD
added 3 days ago, 11 views

CVE-2026-8451

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...

8.8 CVSS, 0.00502 EPSS
Exploits 0, References 1

NVD
added 3 days ago, 6 views

CVE-2026-12388

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5 CVSS, 0.00233 EPSS
Exploits 0, References 2

CVE
added 3 days ago, 18 views

CVE-2026-8451

CVE-2026-8451 describes insufficient input validation in NetScaler ADC and NetScaler Gateway, causing a memory overread when configured as a SAML IDP. Affected products are NetScaler ADC and NetScaler Gateway; root cause is input validation weaknesses leading to memory overread. The CVSS metrics ...

8.8 CVSS, 5.8 AI score, 0.00502 EPSS
In wild, Exploits 0, References 1, Affected Software 2

EUVD
added 3 days ago, 5 views

EUVD-2026-40305

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...

8.8 CVSS, 5.8 AI score, 0.00502 EPSS
Exploits 0, References 1