
27017 matches found

Github Security Blog, added 2026/03/23 7:56 p.m., 15 views

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

Summary: A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions: = v0.10.0. Description: The POST /api/verify endpoint supports multiple secure verification...

CVSS 4.9, AI score 5.7, EPSS 0.00289
Exploits 0, References 2, Affected software 1
OSV, added 2026/03/23 7:56 p.m., 3 views

GHSA-5353-F8FQ-65VC New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

Summary: A logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAuthn assertion. Affected versions: = v0.10.0. Description: The POST /api/verify endpoint supports multiple secure verification...

CVSS 4.9, AI score 5.7, EPSS 0.00289
Exploits 0, References 2
Vulnrichment, added 2026/03/23 7:24 p.m., 3 views

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, AI score 5.8, EPSS 0.00289
Exploits 0, References 1
ATTACKERKB, added 2026/03/23 7:24 p.m., 13 views

CVE-2026-32879

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, AI score 5.8, EPSS 0.00289
Exploits 0, References 2, Affected software 1
OSV, added 2026/03/23 7:24 p.m., 5 views

CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVSS 4.9, AI score 6.4, EPSS 0.00289
Exploits 0, References 3
Wiz blog, added 2026/03/23 5:38 p.m., 10 views

KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack

Checkmarx KICS scanner is the latest victim of a credential-stealing supply chain attack by TeamPCP. Between 12:58–16:50 UTC on March 23, 35 tags were hijacked. Learn how to audit your workflows, identify malicious activity, and secure your GitHub Actions...

AI score 5.8
Exploits 0
Positive Technologies, added 2026/03/23 12:00 a.m., 4 views

PT-2026-30912

Name of the Vulnerable Software and Affected Versions: Cockpit versions prior to 360. Description: The remote login feature in Cockpit fails to validate or sanitize user-supplied hostnames and usernames passed from the web interface to the SSH client. An attacker with network access to the web servi...

CVSS 10, AI score 6.4, EPSS 0.142
Exploits 3, References 48
CNNVD, added 2026/03/23 12:00 a.m., 9 views

Hybridauth Trust Management Vulnerability

Hybridauth is an open-source web-based authentication and authorization software developed by Hybridauth. Versions of Hybridauth 3.12.2 and earlier contained a vulnerability related to trust management. This vulnerability stemmed from incorrect handling of parameters in the curlOptions file withi...

CVSS 6.3, AI score 5.8, EPSS 0.00181
Exploits 0, References 5
Vulnrichment, added 2026/03/23 12:00 a.m., 2 views

CVE-2026-24516

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

AI score 6.3, EPSS 0.02502
Exploits 2, References 4
Tenable Nessus, added 2026/03/23 12:00 a.m., 8 views

Siemens APE1808 Heap-based Buffer Overflow (CVE-2023-27997)

A heap-based buffer overflow vulnerability (CWE-122) in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all...

CVSS 9.8, AI score 7.8, EPSS 0.85689
Exploits 10, References 3
Positive Technologies, added 2026/03/23 12:00 a.m., 10 views

PT-2026-27123

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

CVSS 6.3, AI score 5.3, EPSS 0.00181
Exploits 0, References 6
CVE, added 2026/03/23 12:00 a.m., 33 views

CVE-2026-24516

DigitalOcean Droplet Agent (droplet-agent)

CVSS 8.8, AI score 6.3, EPSS 0.02502
Exploits 2, References 4
GithubExploit, added 2026/03/22 8:00 a.m., 290 views

Exploit for Improper Validation of Integrity Check Value in Openbsd Openssh

SSH Terrapin Attack Vulnerability Scanner CVE-2023-48795 A...

CVSS 5.9, AI score 7, EPSS 0.93305
Exploits 4
Fedora, added 2026/03/22 12:18 a.m., 4 views

[SECURITY] Fedora 44 Update: openssh-10.2p1-6.fc44

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

CVSS 8.2, AI score 6.9, EPSS 0.0218
Exploits 0
Fedora, added 2026/03/21 1:11 a.m., 8 views

[SECURITY] Fedora 42 Update: openssh-9.9p1-13.fc42

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

CVSS 8.2, AI score 6.9, EPSS 0.0218
Exploits 0
Snyk, added 2026/03/20 9:47 p.m., 3 views

Cross-site Request Forgery (CSRF)

Overview: wwbn/avideo is an Audio and Video Platform, or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the pluginImport.json.php endpoint. An attacker can execute arbitrary code on the server by tricking an authenticated admin into...

CVSS 8.8, AI score 6.2, EPSS 0.00367
Exploits 1, References 2
Snyk, added 2026/03/20 8:55 p.m., 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the GetRelationships API when a forged pagination token is provided. An attacker can execute arbitrary SQL queries by submitting crafted pagination tokens if the secrets.pagination configuration is not set or is known ...

CVSS 8.6, AI score 6.2, EPSS 0.00229
Exploits 0, References 2
Microsoft Secure, added 2026/03/20 4:00 p.m., 7 views

Secure agentic AI end-to-end

Next week, RSAC™ Conference celebrates its 35-year anniversary as a forum that brings the security community together to address new challenges and embrace opportunities in our quest to make the world a safer place for all. As we look towards that milestone, agentic AI is reshaping industries...

AI score 5.8
Exploits 0
OSV, added 2026/03/20 2:24 p.m., 5 views

OESA-2026-1653 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. Complete control of the client is left to the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 7.5, AI score 5.5, EPSS 0.00631
Exploits 0, References 2