Lucene search
K

833 matches found

Nuclei
Nuclei
added 15 hours ago33 views

ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...

5.3CVSS6.1AI score0.00908EPSS
Exploits1References3
Cvelist
Cvelist
added yesterday28 views

CVE-2026-56877

The SCORM lab launch endpoint in Skillable scorm.skillable.com through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consum...

6.3CVSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-56665

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS0.00167EPSS
Exploits0References5
NVD
NVD
added 4 days ago8 views

CVE-2026-56668

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS0.00231EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42963

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
NVD
NVD
added 6 days ago8 views

CVE-2026-54781

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS0.00178EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:59 p.m.7 views

CVE-2026-49229

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS6AI score0.00441EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/06 9:4 p.m.34 views

CVE-2026-32718 Coolify read-scoped API tokens can perform state-changing validation operations

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, allowing read-scoped API tokens to perform state-changing operations such as validating cloud tokens and...

6.5CVSS0.00213EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 8:31 p.m.10 views

EUVD-2026-37817

Steeltoe's static JWKS cache shared across schemes and never invalidated...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 8:29 a.m.12 views

CVE-2026-14336

The connected documents confirm CVE-2026-14336 affects PIA’s OIDC issuer allowlist for Jenkins tokens. The issue is a faulty host-bounded URL validation: issuer.startswith(' https://ci.eclipse.org ') is used in is_issuer_known (pia/models.py:139) instead of properly validating the issuer as a hos...

8.2CVSS6AI score0.00321EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:17 p.m.10 views

CVE-2026-58399

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for...

8.7CVSS0.00543EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 2:25 p.m.19 views

CVE-2026-58399

The CVE affects @acastellon/auth (authentication control for microservices). Versions

8.7CVSS5.8AI score0.00543EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 2:26 p.m.24 views

CVE-2026-27882

Coolify prior to 4.0.0-beta.461 uses a non-constant-time string comparison (!=) to validate the GitLab webhook secret token, enabling timing-based disclosure of the secret. The issue is fixed in 4.0.0-beta.461. Remediation: upgrade to 4.0.0-beta.461.

4.8CVSS5.8AI score0.00146EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-468 PraisonAI Has Authentication Bypass via OAuthManager.validate_token()

Summary OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. Details...

9.1CVSS5.9AI score0.00375EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-315 Cobbler Improper Validation of Security Tokens

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...

9.8CVSS7.2AI score0.12484EPSS
Exploits0References6
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Cobbler Improper Validation of Security Tokens

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...

9.8CVSS7.1AI score0.12484EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/23 7:40 p.m.44 views

CVE-2026-12112 Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS0.00153EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 7:40 p.m.9 views

CVE-2026-12112 Foreman-mcp-server: mcp server: active session hijacking via insecure session state reuse

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 3:42 p.m.22 views

CVE-2026-54308

CVE-2026-54308 affects the n8n platform, specifically versions prior to 2.25.7 and 2.26.2. The MicrosoftAgent365Trigger and StripeTrigger nodes did not validate inbound requests, enabling an unauthenticated attacker who knows the webhook URL to submit a forged payload and cause workflow execution...

7.2CVSS5.9AI score0.00276EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:42 p.m.50 views

CVE-2026-54308 n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...

6.3CVSS0.00276EPSS
Exploits0References1
Rows per page
Query Builder