Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication authn.method=oidc, authn.oidc.issuer set but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result...

8.1CVSS6.1AI score0.00301EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/19 2:35 p.m.13 views

OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset

Description OpenFGA's OIDC authenticator skipped JWT audience aud validation when no audience was configured. In deployments where one identity provider issues tokens for multiple services, a token minted for an unrelated service could authenticate to OpenFGA. Preconditions This applies if the...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/29 5:49 p.m.24 views

CVE-2026-44651

SillyTavern’s CVE-2026-44651 affects the CORS proxy middleware (src/middleware/corsProxy.js). Before version 1.18.0, when fetch(url) throws, the code writes a 500 error response that includes the attacker-controlled url directly in plain text: "Error occurred while trying to proxy to: " + url + …...

6.9CVSS5.9AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:46 p.m.11 views

EUVD-2026-33402

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 5:43 p.m.2 views

CVE-2026-44652 SillyTavern: SSRF vulnerability in the CORS proxy middleware

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS6AI score0.00375EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 4:23 p.m.21 views

CVE-2026-27023

Twenty CRM prior to v1.18 had SSRF protection in SecureHttpClientService that failed to validate redirect targets. An authenticated user controlling outbound URLs could bypass private IP blocking by redirecting via an attacker-controlled server, enabling SSRF. The issue is fixed in v1.18. Affecte...

5CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/05 4:23 p.m.9 views

EUVD-2026-9845

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...

5CVSS5.8AI score0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/02/16 11:42 a.m.6 views

SUSE-SU-2026:0558-1 Security update for libnvidia-container

This update for libnvidia-container fixes the following issues: Update to version 1.18.0. Security issues fixed: - CVE-2024-0132: time-of-check time-of-use TOCTOU race condition in default configuration via specifically crafted container image bsc1231033. - CVE-2024-0133: data tampering in host...

9CVSS5.8AI score0.37055EPSS
Exploits2References5
CVE
CVE
added 2026/02/04 9:18 p.m.30 views

CVE-2026-25518

Summary: CVE-2026-25518 affects cert-manager-controller in Kubernetes clusters. In versions 1.18.0–1.18.4 and 1.19.0–1.19.2, the controller performs DNS lookups during ACME DNS-01 processing using unencrypted DNS, allowing an attacker able to intercept DNS traffic from the cert-manager pod to ins...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 1:55 a.m.2 views

CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.3CVSS6.7AI score0.0039EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/04 6:48 a.m.31 views

CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification

The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptuiprocessposttype" function. This makes it possible for...

4.8CVSS0.00295EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-12402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs...

7.5CVSS6.3AI score0.16157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.5 views

PT-2024-36093 · Unknown · Roninwp Revy

Name of the Vulnerable Software and Affected Versions: Roninwp Revy versions 1.18 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This vulnerability affects the Roninwp Revy...

9.3CVSS8.4AI score0.00569EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.6 views

ELECOM WRC 代码注入漏洞

The ELECOM WRC is a home-applicable network camera from ELECOM Japan. A code injection vulnerability exists in ELECOM WRC-1167FEBK-A v1.18 and earlier versions, which stems from the presence of a code injection that allows network-adjacent authenticated attackers to execute arbitrary operating...

8CVSS7.7AI score0.00535EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/12 12:0 a.m.7 views

PT-2022-4638 · Go +9 · Compress/Gzip +9

Name of the Vulnerable Software and Affected Versions: compress/gzip versions prior to 1.17.12 compress/gzip versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Reader.Read function of the compress/gzip package in the Go programming language. This can be...

9.8CVSS7.2AI score0.10299EPSS
Exploits14References376
OSV
OSV
added 2022/01/01 5:15 a.m.6 views

AZL-43909 CVE-2021-44716 affecting package buildah 1.18.0-29

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5CVSS6.6AI score0.03958EPSS
Exploits0References1
OSV
OSV
added 2020/11/16 3:15 p.m.4 views

CVE-2020-25013

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler...

7.5CVSS7.1AI score0.01367EPSS
Exploits0References2
Rows per page
Query Builder