Lucene search
K

822 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.11 views

CVE-2026-8499 Helpfulcrowd Product Reviews <= 1.2.9 - Inccorect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowdvalidatetoken function using a loose comparison operator != instead of a strict comparison !== when validating...

5.3CVSS5.6AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 3:41 a.m.9 views

EUVD-2026-35302

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowdvalidatetoken function using a loose comparison operator != instead of a strict comparison !== when validating...

5.3CVSS5.6AI score0.00273EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

WordPress plugin Helpfulcrowd Product Reviews 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.6AI score0.00273EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 10:59 p.m.12 views

Netty's Default QUIC token handler accepts any client-supplied token

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

7.5CVSS5.4AI score0.00143EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47566

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

7.5CVSS5.4AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47605

Name of the Vulnerable Software and Affected Versions Netty ionettyincubatorcodecquic affected versions not specified Description The NoQuicTokenHandler component fails to properly validate tokens when no specific token handler is set by the application. Specifically, the validateToken function...

7.5CVSS5.4AI score0.00143EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.8 views

CVE-2026-45289

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.4AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.9 views

CVE-2026-8428

Concrete CMS 9.5.0 and below emits a CSRF token in the localavailableupdate.php view $token-output'doupdate' but the corresponding doupdate method in concrete/controllers/singlepage/dashboard/system/update/update.php never calls $this-token-validate'doupdate'. The form is rendered as a POST form,...

8.8CVSS5.3AI score0.00132EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 8:36 p.m.11 views

EUVD-2026-34032

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:36 p.m.12 views

CVE-2026-45289

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/02 8:36 p.m.28 views

CVE-2026-45289

CloudburstMC Protocol (Minecraft Bedrock Edition) has a vulnerability in the EncryptionUtils validation for FULL type auth tokens prior to version 3.0.0.Beta12-20260420.182526-15. Exploitation affects software depending on this protocol library by potentially weakening authentication payload vali...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45856

Name of the Vulnerable Software and Affected Versions CloudburstMC Protocol versions prior to 3.0.0.Beta12-20260420.182526-15 Description CloudburstMC Protocol, a protocol library for Minecraft Bedrock Edition, contains a flaw where validation for FULL type authentication tokens is partially...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/01 9:8 p.m.12 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS7.1AI score0.00269EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.13 views

CVE-2026-44882

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 10:14 p.m.6 views

GHSA-XH5J-XJFQ-QVVX stigmem-node's federation peer token timestamp validation may reject valid peer tokens

Impact A mismatch in federation peer-token timestamp handling could cause valid peer tokens to be treated as expired. Impacted deployments are Stigmem nodes using federation peer authentication paths from affected versions. The primary impact is availability and reliability of authenticated...

7.1CVSS5.8AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 10:1 p.m.20 views

Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation

Summary modules/sso/clients.php validates an admcsrftoken on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, a...

5.8AI score0.00016EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/28 9:1 p.m.26 views

CVE-2026-44882

Portainer’s Kubernetes middleware (kubeClientMiddleware) is affected by CVE-2026-44882. The issue occurs in Portainer CE/EE from 2.33.0 up to before 2.33.8, where security.RetrieveTokenData can return an error and the middleware writes a 403 without returning, allowing execution to continue with ...

8.1CVSS6AI score0.00335EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/28 9:1 p.m.33 views

CVE-2026-44882 Portainer: Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer...

8.1CVSS0.00335EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 9:1 p.m.9 views

CVE-2026-44882 Portainer: Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 9:1 p.m.9 views

EUVD-2026-33060

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer...

8.1CVSS6AI score0.00335EPSS
Exploits1References1
Rows per page
Query Builder