Lucene search
+L

40 matches found

Cvelist
Cvelist
added 3 hours ago9 views

CVE-2026-15943 Keycloak-services: keycloak-services: oidc idp update reuses masked client secret after token url change

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS
Exploits0References2
CVE
CVE
added 3 hours ago4 views

CVE-2026-15943

A vulnerability in Keycloak's keycloak-services component affects identity provider management. When a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value, the system performs improper validation and reuses the existing real secret even if fields ...

5.5CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/24 6:36 p.m.4 views

DRUPAL-CONTRIB-2026-053

This module enables you to use OpenAI as a provider for the AI module. The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery SSRF vulnerability. This vulnerability is mitigated by the fact that an attacker must have the access to change the host url...

3.3CVSS5.9AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.11 views

CVE-2026-40925

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

8.3CVSS5.4AI score0.00173EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/28 11:23 a.m.32 views

CVE-2026-1398 Change WP URL <= 1.0 - Cross-Site Request Forgery to Settings Update

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...

4.3CVSS0.00128EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/28 11:23 a.m.8 views

EUVD-2026-4894

The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 p.m.7 views

CVE-2026-24578

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through = 1.1.5...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 2:28 p.m.34 views

CVE-2026-24578 WordPress Admin login URL Change plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through = 1.1.5...

4.3CVSS0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:28 p.m.18 views

CVE-2026-24578

CVE-2026-24578 is a Missing Authorization (Broken Access Control) issue in the WordPress plugin Admin login URL Change. Affected versions 1.1.5 or apply vendor-provided fixes as they become available. Monitor advisories (e.g., Patchstack, CVE listings, PT Security writeups) for any updated impac...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 8 : firefox-128.8.0-1.el8_10.ML.1 (AXSA:2025-9730:07)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9730:07 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process...

8.8CVSS6.8AI score0.00519EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-16118

Malware in sbrugna...

5.3CVSS5.6AI score0.00944EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-28997

Malicious code in bioql PyPI...

7.1CVSS8.7AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-24883

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00412EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-5257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with...

4.9CVSS6.3AI score0.0042EPSS
Exploits0References2
Citrix
Citrix
added 2025/05/23 12:0 a.m.16 views

CVAD 2402 - Citrix Storefront SSO failed after change the Base URL

After the customer modified the Base URL setting to use a different hostname, single sign-on SSO functionality stopped working for all users across the environment. However, when the Base URL is reverted back to the original hostname of the StoreFront server, single sign-on resumes normal operati...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.5 views

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

4.3CVSS6.6AI score0.00412EPSS
Exploits2References1
Citrix
Citrix
added 2024/07/13 12:0 a.m.7 views

Error: "HTTP Error 404" When Accessing StoreFront Through NetScaler Gateway

Error: "HTTP Error 404" when accessing StoreFront through NetScaler Gateway. This issue surfaces after changing the StoreFront base URL from HTTP to HTTPS. The following is the NetScaler Session Profile snippet:...

7AI score
Exploits0
FreeBSD
FreeBSD
added 2024/07/10 12:0 a.m.44 views

Gitlab -- vulnerabilities

Gitlab reports: An attacker can run pipeline jobs as an arbitrary user Developer user with admincomplianceframework permission can change group URL Admin push rules custom role allows creation of project level deploy token Package registry vulnerable to manifest confusion User with admingroupmemb...

9.8CVSS7AI score0.06036EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2023/09/01 11:15 a.m.12 views

CVE-2023-4378

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

5.5CVSS5.7AI score0.00711EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/01 12:0 a.m.6 views

PT-2023-28979 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.8 through 16.1.4 GitLab CE/EE versions 16.2 through 16.2.4 GitLab CE/EE versions 16.3 through 16.3.0 Description: An issue has been discovered that allows a malicious Maintainer to leak the sentry token under specific...

5.5CVSS6.5AI score0.00429EPSS
Exploits0References11
Rows per page
Query Builder