Lucene search

446731 matches found

Cvelist
added 2026/06/18 4:13 p.m. | 19 views

CVE-2026-54105 U.S. GAO EPDS and CBCA EDS user information disclosure

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

CVSS 6.9 | EPSS 0.003 | Exploits 0 | References 4

CVE
added 2026/06/18 4:13 p.m. | 22 views

CVE-2026-54105

CVE-2026-54105 affects the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...

CVSS 6.9 | AI score 5.3 | EPSS 0.003 | Exploits 0 | References 4

EUVD
added 2026/06/18 4:13 p.m. | 10 views

EUVD-2026-37912

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

CVSS 6.9 | AI score 5.3 | EPSS 0.003 | Exploits 0 | References 4

CVE
added 2026/06/18 4:12 p.m. | 22 views

CVE-2026-54103

CVE-2026-54103 affects GAO EPDS and CBCA EDS, where the /update-profile/N endpoint does not require authentication for password changes. The vulnerability allows a remote attacker to change an arbitrary user’s password without credentials. This result is supported by the CVSS data indicating high...

CVSS 9.8 | AI score 5.4 | EPSS 0.00427 | Exploits 0 | References 4

EUVD
added 2026/06/18 4:12 p.m. | 9 views

EUVD-2026-37910

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8 | AI score 5.4 | EPSS 0.00427 | Exploits 0 | References 4

ATTACKERKB
added 2026/06/18 4:12 p.m. | 6 views

CVE-2026-54103

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8 | AI score 5.5 | EPSS 0.00427 | Exploits 0 | References 5

Cvelist
added 2026/06/18 4:12 p.m. | 32 views

CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8 | EPSS 0.00427 | Exploits 0 | References 4

RedHat Linux
added 2026/06/18 4:11 p.m. | 10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.64 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.64 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

CVSS 8.8 | AI score 6 | EPSS 0.03663 | Exploits 21 | References 8

OSV
added 2026/06/18 3:54 p.m. | 4 views

SUSE-SU-2026:2458-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues:
- CVE-2026-2291: VU471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251.
- CVE-2026-4890: DoS vulnerability in the DNSSEC validation bsc1265001.
- CVE-2026-4891: heap-based out-of-bounds read...

CVSS 8.8 | AI score 6.2 | EPSS 0.06662 | Exploits 4 | References 15

OSV
added 2026/06/18 2:32 p.m. | 3 views

SUSE-SU-2026:22160-1 Security update for unbound

This update for unbound fixes the following issues:
- CVE-2026-32792: Packet of death with DNSCrypt bsc1265583.
- CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587.
- CVE-2026-40622: "Ghost domain name" variant bsc1265581.
- CVE-2026-41292: Parsing a long list of...

CVSS 10 | AI score 6.5 | EPSS 0.01272 | Exploits 0 | References 23

OSV
added 2026/06/18 11:18 a.m. | 8 views

ROOT-APP-MAVEN-CVE-2024-38821 CVE-2024-38821 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2024-38821 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

CVSS 9.1 | AI score 7.4 | EPSS 0.01726 | Exploits 2

OSV
added 2026/06/18 10:10 a.m. | 5 views

RHSA-2026:26994 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

CVSS 7.5 | AI score 4.8 | EPSS 0.0243 | Exploits 1 | References 20

OSV
added 2026/06/18 10:10 a.m. | 6 views

RHSA-2026:26709 Red Hat Security Advisory: xorg-x11-server security, bug fix, and enhancement update

Bulletin has no description...

CVSS 7.8 | AI score 4.8 | EPSS 0.00165 | Exploits 0 | References 49

OSV
added 2026/06/18 10:10 a.m. | 7 views

RHSA-2026:26639 Red Hat Security Advisory: redhat-ds:12 security update

Bulletin has no description...

CVSS 7.5 | AI score 4.8 | EPSS 0.00815 | Exploits 0 | References 7

OSV
added 2026/06/18 10:10 a.m. | 5 views

RHSA-2026:26638 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

CVSS 7.5 | AI score 4.8 | EPSS 0.0243 | Exploits 1 | References 20

OSV
added 2026/06/18 10:9 a.m. | 9 views

RHSA-2026:26630 Red Hat Security Advisory: firefox security update

Bulletin has no description...

CVSS 7.5 | AI score 4.9 | EPSS 0.00605 | Exploits 0 | References 112

OSV
added 2026/06/18 10:9 a.m. | 5 views

RHSA-2026:26629 Red Hat Security Advisory: firefox security update

Bulletin has no description...

CVSS 7.5 | AI score 4.9 | EPSS 0.00605 | Exploits 0 | References 112

OSV
added 2026/06/18 10:9 a.m. | 5 views

RHSA-2026:26610 Red Hat Security Advisory: xorg-x11-server security, bug fix, and enhancement update

Bulletin has no description...

CVSS 7.8 | AI score 4.9 | EPSS 0.00165 | Exploits 0 | References 49

OSV
added 2026/06/18 10:9 a.m. | 6 views

RHSA-2026:26599 Red Hat Security Advisory: redhat-ds:12 security update

Bulletin has no description...

CVSS 7.5 | AI score 4.8 | EPSS 0.00815 | Exploits 0 | References 7

OSV
added 2026/06/18 10:9 a.m. | 5 views

RHSA-2026:26606 Red Hat Security Advisory: firefox security update

Bulletin has no description...

CVSS 7.5 | AI score 4.9 | EPSS 0.00605 | Exploits 0 | References 112