Lucene search
K

464 matches found

Cvelist
Cvelist
added 2026/03/17 6:37 a.m.34 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:37 a.m.1 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/17 6:37 a.m.15 views

CVE-2026-3237

Octopus Server contains an API endpoint with insufficient permission validation that allows a low-privileged user to manipulate signing key expiration and revocation time frames. Keys are not exposed by this issue. The provided documents confirm the vulnerability description but do not specify af...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Oracle linux
Oracle linux
added 2026/03/17 12:0 a.m.9 views

kernel security update

5.14.0-611.41.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

7.8CVSS6.3AI score0.00173EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.6 views

CVE-2026-30869

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.8CVSS6.4AI score0.01028EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2026/03/10 12:0 a.m.12 views

kernel security update

5.14.0-611.38.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

7.8CVSS7AI score0.00188EPSS
Exploits0
OSV
OSV
added 2026/03/09 10:28 p.m.5 views

CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.5AI score0.01028EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/09 10:28 p.m.5 views

CVE-2026-30869

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.4AI score0.01028EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/09 10:28 p.m.3 views

CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.4AI score0.01028EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2026/03/09 12:0 a.m.10 views

kernel security update

4.18.0-553.111.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

5.8AI score0.00188EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/02/25 12:0 a.m.11 views

kernel security update

6.12.0-124.39.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

7.8CVSS6.2AI score0.00183EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/02/24 12:0 a.m.16 views

kernel security update

5.14.0-611.35.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

7.8CVSS6.5AI score0.00161EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/02/16 12:0 a.m.14 views

kernel security update

5.14.0-611.34.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

7.1CVSS5.5AI score0.0071EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.6 views

CVE-2026-24044

Element Server Suite Community Edition ESS Community deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...

9.2CVSS5.6AI score0.00278EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/02/12 7:6 p.m.6 views

CVE-2026-24044

Element Server Suite Community Edition ESS Community deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...

9.2CVSS5.6AI score0.00278EPSS
Exploits0
OSV
OSV
added 2026/02/09 9:31 p.m.2 views

GHSA-37GF-GMXV-74WV Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS5.8AI score0.00449EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/02/09 9:31 p.m.10 views

Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS5.6AI score0.00449EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/09 8:37 p.m.43 views

org.keycloak.protocol.oidc.grants: Disabled identity providers are still accepted for JWT Authorization Grant

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS5.7AI score0.00449EPSS
Exploits0References4
NVD
NVD
added 2026/02/09 8:15 p.m.5 views

CVE-2026-1486

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS0.00449EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/09 6:36 p.m.4 views

CVE-2026-1486

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS5.6AI score0.00449EPSS
Exploits0References5
Rows per page
Query Builder