CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

ATTACKERKB•added 2026/05/11 9:6 p.m.•3 views

CVE-2026-43886

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope uses Array.some to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the...

8.2CVSS5.8AI score0.00029EPSS

Exploits0References2Affected Software1

Github Security Blog•added 2026/04/02 3:31 p.m.•4 views

Keycloak: Application-Level DoS via Scope Processing

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

7.5CVSS5.9AI score0.00024EPSS

Exploits0References10Affected Software1

RedHat Linux•added 2026/04/02 1:54 p.m.•8 views

keycloak: Keycloak: Denial of Service via excessive processing of OpenID Connect scope parameters

7.5CVSS5.9AI score0.00024EPSS

Exploits0References4

RedHat Linux•added 2026/04/02 1:53 p.m.•3 views

keycloak: Keycloak: Denial of Service via excessive processing of OpenID Connect scope parameters

7.5CVSS5.8AI score0.00024EPSS

Exploits0References4

RedhatCVE•added 2026/04/02 12:44 p.m.•0 views

CVE-2026-4634

7.5CVSS5.8AI score0.00024EPSS

Exploits0References3

CVE•added 2026/04/02 12:44 p.m.•7 views

CVE-2026-4634

Keycloak exposes a Denial of Service vulnerability (CVE-2026-4634) where an unauthenticated attacker can trigger excessive resource consumption by sending a specially crafted POST to the OpenID Connect token endpoint with an excessively long scope parameter, causing prolonged processing and servi...

7.5CVSS5.9AI score0.00024EPSS

Exploits0References6Affected Software1

ATTACKERKB•added 2026/04/02 12:44 p.m.•1 views

CVE-2026-4634

7.5CVSS5.9AI score0.00024EPSS

Exploits0References7

Vulnrichment•added 2026/04/02 12:44 p.m.•0 views

CVE-2026-4634 Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters

7.5CVSS5.8AI score0.00024EPSS

Exploits0References6

Positive Technologies•added 2026/04/02 12:0 a.m.•2 views

PT-2026-29731

7.5CVSS5.9AI score0.00024EPSS

Exploits0References3

EUVD•added 2025/12/09 6:30 p.m.•2 views

EUVD-2025-202195

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a block in the...

6.1CVSS5.3AI score0.00011EPSS

Exploits0References4

NVD•added 2025/12/09 6:15 p.m.•1 views

CVE-2025-34404

6.1CVSS0.00011EPSS

Exploits0References3

Cvelist•added 2025/12/09 6:7 p.m.•16 views

CVE-2025-34404 MailEnable < 10.54 Reflected XSS in InstanceScope Parameter of CAL/compose.aspx

5.3CVSS0.00011EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-3540

Malware in sbrugna...

9.8CVSS9.3AI score0.19665EPSS

Exploits7References4

OSV•added 2025/07/25 3:15 a.m.•0 views

CVE-2025-8126

A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument paramsdataScope leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

8.8CVSS5.7AI score

Exploits0References4

CNNVD•added 2025/07/25 12:0 a.m.•2 views

deer-wms-2 注入漏洞

deer-wms-2 is a Chinese deerwms open source warehouse management system . The vulnerability exists in deerwms deer-wms-2 3.3 and earlier versions, the vulnerability stems from the file /system/role/export on the parameter paramsdataScope incorrect operation leads to SQL injection...

8.8CVSS6.8AI score0.00223EPSS

Exploits1References6

CNNVD•added 2025/07/25 12:0 a.m.•1 views

deer-wms-2 注入漏洞

deer-wms-2 is a warehouse management system in China deerwms open source . The vulnerability exists in deerwms deer-wms-2 3.3 and earlier versions, the vulnerability stems from incorrect manipulation of the parameter paramsdataScope in the file /system/user/list resulting in SQL injection...

8.8CVSS6.8AI score0.00223EPSS

Exploits1References6

OSV•added 2024/07/12 4:15 p.m.•1 views

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

9.8CVSS5.8AI score

Exploits0References1

OSV•added 2024/07/11 3:15 p.m.•2 views

CVE-2024-6679

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

9.8CVSS5.6AI score

Exploits0References3

Positive Technologies•added 2024/07/11 12:0 a.m.•4 views

PT-2024-37797 · Unknown · Witmy My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue has been found, affecting some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to SQL injection. The attack may b...

6.5CVSS7.2AI score0.0003EPSS

Exploits0References7

Positive Technologies•added 2024/07/11 12:0 a.m.•4 views

PT-2024-37796 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue was found in the software, affecting an unknown functionality of the file "/api/dept/build". The manipulation of the params.dataScope argument leads to SQL injection...

6.5CVSS7AI score0.00041EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by