Lucene search
K

11 matches found

NVD
NVD
added 11 hours ago6 views

CVE-2026-53913

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

Exploits0References1
CVE
CVE
added 12 hours ago10 views

CVE-2026-53913

Apache Camel Keycloak (camel-keycloak) CVE-2026-53913 describes a defect where KeycloakSecurityPolicy only verifies the bearer token inside role/permissions checks. With default settings (requiredRoles/requiredPermissions empty), the policy rejects missing tokens but accepts any non-null Authoriz...

6.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45223

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...

8.8CVSS5.5AI score0.00382EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/20 3:46 p.m.11 views

Weak Password Recovery Mechanism for Forgotten Password

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword process. An attacker can gain unauthorized access to any user account,...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

Crabbox 安全漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from a certification bypass in the coordinator’s user token verification process. The...

8.8CVSS6.5AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 9:28 p.m.6 views

EUVD-2026-14502

AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/25 9:28 p.m.13 views

AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...

9.4CVSS6AI score0.00437EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/25 9:28 p.m.7 views

GHSA-9HV9-GVWM-95F2 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...

9.4CVSS6AI score0.00437EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:46 p.m.3 views

CVE-2026-33716

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2025/12/02 9:56 a.m.5 views

Privilege Escalation

authlib is vulnerable to Privilege Escalation. The vulnerability is due to accepting tokens with unknown crit headers, where Authlib violates RFC 7515 rules, allowing attackers to craft signed tokens that bypass strict verifiers and potentially enable policy bypass or privilege escalation...

7.5CVSS7AI score0.00244EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/10 12:0 a.m.9 views

The vulnerability of the NMI component of the authentication management software in Kubernetes clusters – AAD Pod Identity – involves bypassing the verification token, allowing attackers to elevate their privileges.

The vulnerability of the NMI component in the Kubernetes AAD Pod Identity authentication management tool is related to errors in token assignment restrictions. Exploiting this vulnerability can allow attackers to increase their privileges...

5.5CVSS5.9AI score0.00709EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder