
124 matches found

Positive Technologies
added 2026/01/01 12:00 a.m., 4 views

PT-2026-26134

Name of the Vulnerable Software and Affected Versions nghttp2 versions prior to 1.68.1 Description nghttp2 is a C implementation of the Hypertext Transfer Protocol version 2. Versions of nghttp2 prior to 1.68.1 are susceptible to a denial-of-service condition. This occurs because the library does...

CVSS 7.5, AI score 5.8, EPSS 0.00775
Exploits 0, References 182

OSV
added 2025/12/15 8:33 p.m., 4 views

GO-2025-4168 Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication in github.com/mattermost/mattermost-server

Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causin...

CVSS 9.9, AI score 6.9, EPSS 0.0031
Exploits 0, References 9

Snyk
added 2025/12/09 12:00 p.m., 5 views

Cross-site Request Forgery (CSRF)

Overview fastapi-sso is a FastAPI plugin to enable SSO to most common providers such as Facebook login, Google login and login via Microsoft Office 365 Account Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state...

CVSS 6.9, AI score 7, EPSS 0.00311
Exploits 0, References 3

RedhatCVE
added 2025/12/05 9:34 p.m., 10 views

CVE-2025-27935

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

CVSS 8.6, AI score 7.1, EPSS 0.00367
Exploits 0, References 1

NVD
added 2025/12/04 9:16 p.m., 5 views

CVE-2025-27935

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

CVSS 8.6, EPSS 0.00367
Exploits 0, References 2

Cvelist
added 2025/12/04 8:38 p.m., 23 views

CVE-2025-27935 Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

CVSS 8.6, EPSS 0.00367
Exploits 0, References 2

CVE
added 2025/12/04 8:38 p.m., 15 views

CVE-2025-27935

The CVE-2025-27935 issue concerns the OTP Integration Kit for PingFederate. According to connected sources, it fails to enforce HTTP method validation and state validation, allowing the server to advance authentication without verifying the OTP and effectively bypassing multi-factor authenticatio...

CVSS 8.6, AI score 6.7, EPSS 0.00367
Exploits 0, References 2

EUVD
added 2025/12/04 8:38 p.m., 6 views

EUVD-2025-201281

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

CVSS 8.6, AI score 6.6, EPSS 0.00367
Exploits 0, References 3

Vulnrichment
added 2025/12/04 8:38 p.m., 11 views

CVE-2025-27935 Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

CVSS 8.6, AI score 6.7, EPSS 0.00367
Exploits 0, References 2

CNNVD
added 2025/12/04 12:00 a.m., 3 views

Ping Identity One-Time Passcode Integration Kit for PingFederate Security Vulnerability

Ping Identity One-Time Passcode Integration Kit for PingFederate is a suite of software tools and adapters from Ping Identity USA. A security vulnerability exists in Ping Identity One-Time Passcode Integration Kit for PingFederate that stems from not properly validating the HTTP method and state,...

CVSS 8.6, AI score 6.6, EPSS 0.00367
Exploits 0, References 2

Positive Technologies
added 2025/12/04 12:00 a.m., 5 views

PT-2025-49136

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

CVSS 8.6, AI score 7.1, EPSS 0.00367
Exploits 0, References 3

Snyk
added 2025/11/27 4:43 p.m., 2 views

Incorrect Implementation of Authentication Algorithm

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to improper validation of OAuth state tokens during the OpenID Connect authentication...

CVSS 9.9, AI score 7, EPSS 0.0031
Exploits 0, References 2

Vulnrichment
added 2025/11/27 3:55 p.m., 4 views

CVE-2025-12419 Account takeover on OAuth/OpenID-enabled servers

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of...

CVSS 9.9, AI score 6.3, EPSS 0.0031
Exploits 0, References 1

EUVD
added 2025/11/24 9:31 p.m., 5 views

EUVD-2025-198984

Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

CVSS 8.8, AI score 6.2, EPSS 0.00137
Exploits 0, References 3

CVE
added 2025/11/24 12:00 a.m., 19 views

CVE-2025-56400

CVE-2025-56400 describes a CSRF-type flaw in the OAuth flow of the Tuya SDK 6.5.0 for Android/iOS, affecting Tuya Smart and Smartlife apps and third‑party apps that integrate the SDK. The root cause is failure to validate the OAuth state parameter during account linking, allowing an attacker to t...

CVSS 8.8, AI score 6.3, EPSS 0.00137
Exploits 0, References 2, Affected Software 3

RedhatCVE
added 2025/10/16 12:25 p.m., 4 views

CVE-2025-39969

In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use...

CVSS 7, AI score 5.8, EPSS 0.00193
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2021-17821

Malware in sbrugna...

CVSS 5.3, AI score 5.6, EPSS 0.00804
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-17193

Malware in sbrugna...

CVSS 8.4, AI score 7.5, EPSS 0.00146
Exploits 0, References 2

Debian CVE
added 2025/10/01 8:07 a.m., 4 views

CVE-2025-39927

In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating r_parent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...

CVSS 4.7, AI score 4.9, EPSS 0.001
Exploits 0

Tenable Nessus
added 2025/08/08 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-18021

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who ca...

CVSS 7.1, AI score 7.2, EPSS 0.0057
Exploits 0, References 2