Lucene search
K

37 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 5:46 p.m.6 views

CVE-2026-54089

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/11 10:19 a.m.11 views

EUVD-2026-36224

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...

4.3CVSS5.6AI score0.00211EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 10:19 a.m.56 views

CVE-2026-9694

GitLab CE/EE (all supported lines affected) had a vulnerability allowing an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply. Root cause: improper neutralization in email template processing. Remediation: patc...

4.3CVSS5.6AI score0.00211EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48657

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.9 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue in email template processing allows an unauthenticated user to impersonate the GitLab Support...

4.3CVSS5.3AI score0.00211EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

100xDevs CMS 安全漏洞

100xDevs CMS is an open-source content management system developed by code100x. There is a security vulnerability in 100xDevs CMS, which stems from an authentication bypass in the Mobile API. This vulnerability could allow unauthenticated attackers to impersonate any user by submitting specially...

8.8CVSS5.8AI score0.0049EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/05/14 12:0 a.m.33 views

VulnCheck KEV: CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS5.8AI score0.14608EPSS
In wildExploits10References5
Cvelist
Cvelist
added 2026/05/12 5:25 p.m.35 views

CVE-2026-42300 DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS0.00257EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/05/05 10:29 a.m.28 views

BASM (Broken Authentication & Session Management) in Confluence Data Center

This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0,...

9.1CVSS5.8AI score0.00715EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-35025

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...

5.2AI score0.00346EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/15 4:3 p.m.22 views

CVE-2026-20184 Cisco Webex Meetings Certificate Validation Vulnerability

A vulnerability in the integration of single sign-on SSO with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability...

9.8CVSS0.0052EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.5 views

PT-2026-33093

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings versions 39.6 through 45.4 Description An issue in the integration of single sign-on SSO with Control Hub in Cisco Webex Services allows an unauthenticated, remote attacker to impersonate any user within the service. This...

9.8CVSS6AI score0.0052EPSS
Exploits0References25
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.7 views

LiteLLM 授权问题漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Prior to version 1.83.0, LiteLLM had an authorization vulnerability. This vulnerability stemmed from the use of token:20 as a cache key when JWT authentication was...

9.4CVSS5.8AI score0.0049EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/05 11:18 p.m.28 views

CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS0.00889EPSS
Exploits0References3
NCSC
NCSC
added 2026/02/10 7:4 p.m.12 views

Vulnerability fixed in Microsoft Exchange

Microsoft has fixed a vulnerability in Exchange server. A malicious person could, without prior authentication, impersonate another user and thus gain access to sensitive data in the victim's context. Microsoft has made updates available that fix the described vulnerability. We recommend that you...

6.5CVSS5.5AI score0.09457EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS6.9AI score0.4549EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/01/13 11:47 a.m.8 views

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420 ,...

10CVSS7.6AI score0.4549EPSS
Exploits0
EUVD
EUVD
added 2026/01/13 12:30 a.m.6 views

EUVD-2025-206275

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS6.5AI score0.4549EPSS
Exploits0References2
OSV
OSV
added 2026/01/12 10:16 p.m.3 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

9.8CVSS5.7AI score0.4549EPSS
Exploits0References1
NVD
NVD
added 2026/01/12 10:16 p.m.13 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS0.4549EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/12 9:29 p.m.4 views

CVE-2025-12420 Unauthenticated Privilege Escalation in ServiceNow AI Platform

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS6.6AI score0.4549EPSS
Exploits0References1
Rows per page
Query Builder