Lucene search
K

263 matches found

Github Security Blog
Github Security Blog
added 2026/04/02 3:31 p.m.18 views

Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

7.3CVSS5.8AI score0.0044EPSS
Exploits0References10Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 12:37 p.m.3 views

CVE-2026-4636

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/30 5:0 a.m.4 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/29 6:31 a.m.3 views

EUVD-2026-16973

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References5
NVD
NVD
added 2026/03/29 5:15 a.m.4 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS0.00226EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/29 4:30 a.m.2 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-31873

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

6.1CVSS6AI score0.00237EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.11 views

sbt 操作系统命令注入漏洞

SBT is an open-source build tool for Scala, Java, and other languages. Prior to SBT 1.12.7, there was a vulnerability related to operating system command injection. This vulnerability stemmed from unvalidated user-controlled URI fragments, which could allow arbitrary commands to be executed on...

7.8CVSS6AI score0.00304EPSS
Exploits1References5
Hacker One
Hacker One
added 2026/03/22 4:50 a.m.11 views

AWS VDP: Encryption context keys and values logged at INFO level

Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.12 views

Sylius 安全漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.4 views

CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS5.4AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/08 3:30 a.m.8 views

EUVD-2026-10201

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS6.7AI score0.00403EPSS
Exploits0References7
NVD
NVD
added 2026/03/08 1:15 a.m.7 views

CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS0.00403EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/08 12:32 a.m.35 views

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

7.5CVSS0.00403EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.14 views

PT-2026-23894

Name of the Vulnerable Software and Affected Versions Shy2593666979 AgentChat versions prior to 2.3.1 Description A flaw exists in Shy2593666979 AgentChat related to improper control of resource identifiers. The issue resides within the get user info/update user info function located in the...

7.5CVSS6.9AI score0.00403EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/03/05 12:36 p.m.3 views

CVE-2025-11143

A flaw was found in org.eclipse.jetty. The Jetty URI parser handles invalid or unusual Uniform Resource Identifiers URIs differently compared to other common parsers. This discrepancy, known as differential parsing, can lead to security bypasses in systems that use multiple components to process...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References4
Redos
Redos
added 2026/02/05 12:0 a.m.5 views

ROS-20260205-73-0024

A vulnerability in the sendemptyflush function of the Linux kernel dm driver is related to improper control of resource identifiers. Exploitation of the vulnerability could allow an attacker to violate data integrity and also cause a denial of service...

5.5CVSS7.1AI score0.00145EPSS
Exploits0
Redos
Redos
added 2026/02/05 12:0 a.m.9 views

ROS-20260205-73-0016

A vulnerability in the drivers/media/usb/cx231xx/cx231xx-417.c module of the Linux kernel is related to incorrect management of resource identifiers. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS7.1AI score0.00172EPSS
Exploits0
OpenVAS
OpenVAS
added 2026/02/03 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2026-1227)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.0051EPSS
Exploits0References2
Redos
Redos
added 2026/01/21 12:0 a.m.7 views

ROS-20260121-73-0010

A vulnerability in the rxecleanup function of the rxepool.c component of the Linux kernel is related to improper control of resource identifiers. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS7.7AI score0.00168EPSS
Exploits0
Rows per page
Query Builder