Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2026/05/04 2:31 p.m.13 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS7.1AI score0.01402EPSS
Exploits7References15
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.20 views

aap-controller: aap-gateway: Account hijacking and unauthorized access via unverified email linking

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS5.8AI score0.00397EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/04 1:47 p.m.5 views

CVE-2026-6266 Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS5.8AI score0.00397EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.15 views

RHEL 10 / 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Important) (RHSA-2026:13508)

The remote Redhat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13508 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

9.8CVSS7.2AI score0.01402EPSS
Exploits6References26
OSV
OSV
added 2024/07/01 7:59 p.m.32 views

GO-2024-2936 PocketBase performs password auth and OAuth2 unverified email linking in github.com/pocketbase/pocketbase

PocketBase performs password auth and OAuth2 unverified email linking in github.com/pocketbase/pocketbase...

5.4CVSS5.5AI score0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/18 5:0 p.m.30 views

CVE-2024-38351 Password auth and OAuth2 unverified email linking

Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...

5.4CVSS0.00289EPSS
Exploits0References2
Rows per page
Query Builder