Lucene search
K

79061 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-58446 Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS0.00437EPSS
Exploits0References5
OSV
OSV
added 4 days ago7 views

GHSA-F5MR-Q85P-6HH6 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage

Impact Three security vulnerabilities were identified in the OIDC Discovery client: 1. Blind Server-Side Request Forgery SSRF via Cross-Host Redirects: Fulcio uses an HTTP client to fetch OIDC discovery metadata /.well-known/openid-configuration. Prior to this fix, if a configured issuer returned...

8.7CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added 4 days ago12 views

EUVD-2026-36101

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-58169 Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...

7.7CVSS0.00286EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 4 days ago3 views

CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40371

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References4
CVE
CVE
added 4 days ago8 views

CVE-2026-58165

OpenZiti (up to v2.0.0) contains a privilege-escalation via Unauthorized Enrollment Creation. The ApplyCreate function in controller/model/enrollment_manager.go validates only that the target identity exists, with no authorization binding the caller to the target. Authenticated non-admin users wi...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References4
NVD
NVD
added 4 days ago11 views

CVE-2026-27883

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...

5CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-27883 Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...

5CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-27882

Coolify prior to 4.0.0-beta.461 uses a non-constant-time string comparison (!=) to validate the GitLab webhook secret token, enabling timing-based disclosure of the secret. The issue is fixed in 4.0.0-beta.461. Remediation: upgrade to 4.0.0-beta.461.

4.8CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-27882 Coolify: Timing Attack in GitLab Webhook Token Validation

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison operator !== to validate the webhook secret token. This implementation is vulnerable to timing attack...

4.8CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-4629

CVE-2026-4629 affects Keycloak. A highly privileged user with the ability to manage clients can inject a hardcoded role mapper into any client, bypassing scope restrictions and injecting the realm-admin role into generated tokens, yielding full administrative access to the realm. The vulnerabilit...

6.5CVSS5.7AI score0.0024EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40234

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

6.3CVSS5.8AI score0.00147EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS6.8AI score0.00244EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-53916

Name of the Vulnerable Software and Affected Versions OpenZiti versions prior to 2.0.1 Description A privilege escalation flaw exists in the controller enrollment management path. An authenticated non-admin identity with fine-grained enrollment management permissions can create enrollments for an...

8.8CVSS6AI score0.00244EPSS
Exploits0References9
NVD
NVD
added 5 days ago7 views

CVE-2026-57997

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

6.3CVSS0.00147EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago22 views

CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

6.3CVSS0.00147EPSS
Exploits0References4
CVE
CVE
added 5 days ago10 views

CVE-2026-57997

The CVE concerns the Strapi users-permissions plugin where JWT algorithm restrictions are not enforced if plugin::users-permissions.jwt.algorithm is not explicitly configured. This allows the server to accept HS384 and HS512 tokens alongside HS256. An attacker who possesses the jwtSecret can mint...

6.3CVSS5.8AI score0.00147EPSS
Exploits0References4Affected Software1
NVD
NVD
added 5 days ago6 views

CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...

7.5CVSS0.00609EPSS
Exploits0References3
OSV
OSV
added 5 days ago4 views

UBUNTU-CVE-2026-56017

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString XS.xs inspects the previous token's last byte to choose between a regexp literal and a...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References5
Rows per page
Query Builder